Total
254006 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0518 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 2.6 LOW | N/A |
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. | |||||
CVE-2003-1333 | 1 Intersystems | 1 Cache Database | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server. | |||||
CVE-1999-0707 | 1 Hp | 2 Hp-ux, Visualize Conference Ftp | 2024-02-04 | 7.5 HIGH | N/A |
The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization. | |||||
CVE-2002-1666 | 1 Oracle | 1 E-business Suite | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL. | |||||
CVE-2003-0929 | 1 Clearswift | 1 Mailsweeper | 2024-02-04 | 7.5 HIGH | N/A |
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy. | |||||
CVE-2003-1257 | 1 E-theni | 1 E-theni | 2024-02-04 | 5.0 MEDIUM | N/A |
find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo. | |||||
CVE-2001-1029 | 2 Freebsd, Openbsd | 2 Freebsd, Openssh | 2024-02-04 | 2.1 LOW | N/A |
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. | |||||
CVE-2004-1678 | 1 Logicnow | 1 Perldesk | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs. | |||||
CVE-2000-0042 | 1 Csm | 1 Mail Server | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command. | |||||
CVE-1999-0032 | 5 Bsdi, Freebsd, Next and 2 more | 5 Bsd Os, Freebsd, Nextstep and 2 more | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. | |||||
CVE-2001-0270 | 1 Marconi | 2 Asx-1000, Forethought | 2024-02-04 | 5.0 MEDIUM | N/A |
Marconi ASX-1000 ASX switches allow remote attackers to cause a denial of service in the telnet and web management interfaces via a malformed packet with the SYN-FIN and More Fragments attributes set. | |||||
CVE-2001-0048 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 7.2 HIGH | N/A |
The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability. | |||||
CVE-2002-1747 | 1 Maxim Krasnyansky | 1 Vtun | 2024-02-04 | 5.0 MEDIUM | N/A |
Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB. | |||||
CVE-1999-1137 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 2.1 LOW | N/A |
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone. | |||||
CVE-2003-0533 | 1 Microsoft | 7 Netmeeting, Windows 2000, Windows 2003 Server and 4 more | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm. | |||||
CVE-2004-0755 | 1 Yukihiro Matsumoto | 1 Ruby | 2024-02-04 | 2.1 LOW | N/A |
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions. | |||||
CVE-2001-1119 | 1 Ti Kan | 1 Xmcd | 2024-02-04 | 6.2 MEDIUM | N/A |
cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-1999-0283 | | | 2024-02-04 | 10.0 HIGH | N/A |
The Java Web Server would allow remote users to obtain the source code for CGI programs. | |||||
CVE-2004-0675 | 1 Mcmurtrey Whitaker And Associates | 1 Cart32 | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command. | |||||
CVE-2004-1731 | 1 Mantis | 1 Mantis | 2024-02-04 | 5.0 MEDIUM | N/A |
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address. |