Total: 253949 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0414 | 1 Hp | 2 Hp-ux, Vvos | 2024-02-04 | 4.6 MEDIUM | N/A |
Vulnerability in shutdown command for HP-UX 11.X and 10.X allows local users to gain privileges via malformed input variables. | |||||
CVE-2004-1609 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2024-02-04 | 5.0 MEDIUM | N/A |
SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access. | |||||
CVE-2004-0664 | 1 Powerportal | 1 Powerportal | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in modules.php in PowerPortal 1.x allows remote attackers to list arbitrary directories via a .. (dot dot) in the files parameter. | |||||
CVE-2002-0419 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 5.0 MEDIUM | N/A |
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server. | |||||
CVE-2001-1235 | 1 Derek Leung | 1 Pslash | 2024-02-04 | 7.5 HIGH | N/A |
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable. | |||||
CVE-2003-1512 | 1 Khaled Mardam-bey | 1 Mirc | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request. | |||||
CVE-2003-0321 | 1 Colten Edwards | 1 Bitchx | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4) BX_compress_modes, (5) handle_oper_vision, and (6) ban_it. | |||||
CVE-1999-0697 | 1 Sco | 1 Openserver | 2024-02-04 | 7.2 HIGH | N/A |
SCO Doctor allows local users to gain root privileges through a Tools option. | |||||
CVE-1999-0376 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 4.6 MEDIUM | N/A |
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. | |||||
CVE-2002-1831 | 1 Microsoft | 1 Msn Messenger | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field. | |||||
CVE-2003-0805 | 1 University Of Minnesota | 1 Gopherd | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allow attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type. | |||||
CVE-1999-1428 | 1 Sun | 1 Solstice Adminsuite | 2024-02-04 | 6.2 MEDIUM | N/A |
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges. | |||||
CVE-2004-1565 | 1 W-agora | 1 W-agora | 2024-02-04 | 5.0 MEDIUM | N/A |
list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter. | |||||
CVE-2001-1204 | 1 Total Pc Solutions | 1 Php Rocket Add-in | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
CVE-1999-0794 | 1 Microsoft | 2 Excel, Office | 2024-02-04 | 4.6 MEDIUM | N/A |
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. | |||||
CVE-2000-0106 | 1 Easycart | 1 Easycart | 2024-02-04 | 7.5 HIGH | N/A |
The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
CVE-2002-2291 | 1 Calisto | 1 Calisto Internet Talker | 2024-02-04 | 7.8 HIGH | N/A |
Calisto Internet Talker 0.04 and earlier allows remote attackers to cause a denial of service (hang) via a long request, possibly triggering a buffer overflow. | |||||
CVE-2004-1708 | 1 Shawn Webb | 1 Webbsyte Chat | 2024-02-04 | 5.0 MEDIUM | N/A |
Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections. | |||||
CVE-2004-1405 | 1 Mediawiki | 1 Mediawiki | 2024-02-04 | 7.5 HIGH | N/A |
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code. | |||||
CVE-2003-1118 | 1 University Of California | 1 Seti At Home | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the SETI@home client 3.03 and other versions allows remote attackers to cause a denial of service (client crash) and execute arbitrary code via a spoofed server response containing a long string followed by a \n (newline) character. |