Total
253999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0011 | 1 Debian | 1 Fsp | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code. | |||||
CVE-2003-1210 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. | |||||
CVE-2001-0162 | 1 Microsoft | 1 Windows Embedded Compact | 2024-02-04 | 7.5 HIGH | N/A |
WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. | |||||
CVE-2001-0185 | 1 Netopia | 1 R9100 Router | 2024-02-04 | 5.0 MEDIUM | N/A |
Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash. | |||||
CVE-2002-1435 | 1 Achievo | 1 Achievo | 2024-02-04 | 7.5 HIGH | N/A |
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code. | |||||
CVE-2004-1606 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2024-02-04 | 6.4 MEDIUM | N/A |
slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie. | |||||
CVE-1999-0945 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands. | |||||
CVE-2004-1463 | 1 Moinmoin | 1 Moinmoin | 2024-02-04 | 10.0 HIGH | N/A |
Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact. | |||||
CVE-2002-1903 | 1 University Of Washington | 1 Pine | 2024-02-04 | 5.0 MEDIUM | N/A |
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. | |||||
CVE-2004-0126 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 4.6 MEDIUM | N/A |
The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail. | |||||
CVE-2003-1468 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 4.3 MEDIUM | N/A |
The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | |||||
CVE-2002-0039 | 1 Sgi | 1 Irix | 2024-02-04 | 5.0 MEDIUM | N/A |
rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths. | |||||
CVE-2002-1561 | 1 Microsoft | 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference. | |||||
CVE-2003-0352 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms. | |||||
CVE-1999-1429 | 1 Dit | 1 Transferpro | 2024-02-04 | 2.1 LOW | N/A |
DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver. | |||||
CVE-1999-1565 | 2 Debian, Earl Hood | 2 Debian Linux, Man2html | 2024-02-04 | 4.6 MEDIUM | N/A |
Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2004-0450 | 1 Log2mail | 1 Log2mail | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail. | |||||
CVE-2003-0117 | 1 Microsoft | 1 Biztalk Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver. | |||||
CVE-2002-0539 | 1 Demarc Security | 1 Puresecure | 2024-02-04 | 10.0 HIGH | N/A |
Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie. | |||||
CVE-2001-1437 | 1 Easyscripts | 1 Easynews | 2024-02-04 | 7.5 HIGH | N/A |
easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out. |