Total
253949 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1016 | 1 Suse | 1 Suse Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
| The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL. | |||||
| CVE-2001-0622 | 1 Cisco | 1 Content Services Switch 11000 | 2024-02-04 | 7.5 HIGH | N/A |
| The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. | |||||
| CVE-2000-1170 | 1 Pelesoft | 1 Netsnap | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request. | |||||
| CVE-2003-1339 | 1 Ezmeeting | 1 Ezmeeting | 2024-02-04 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll. | |||||
| CVE-2002-0081 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled. | |||||
| CVE-2002-2190 | 1 Artscore Studios | 1 Cutecast Forum | 2024-02-04 | 7.5 HIGH | N/A |
| ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext under the web document root, which allows remote attackers to obtain the passwords via an HTTP request to a .user file. | |||||
| CVE-2003-1330 | 2 Clearswift Limited, Microsoft | 2 Mailsweeper, All Windows | 2024-02-04 | 5.0 MEDIUM | N/A |
| Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove. | |||||
| CVE-2000-1202 | 1 Ibm | 1 Http Server Ssl Module Common | 2024-02-04 | 7.2 HIGH | N/A |
| ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class. | |||||
| CVE-2003-1039 | 1 Sap | 1 Mysap Business Suite | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server. | |||||
| CVE-2002-2049 | 1 Dug Song | 3 Dsniff, Fragroute, Fragrouter | 2024-02-04 | 7.5 HIGH | N/A |
| configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when downloaded from monkey.org on May 17, 2002, has been modified to contain a backdoor, which allows remote attackers to access the system. | |||||
| CVE-2000-0051 | 1 Allaire | 1 Spectra | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL. | |||||
| CVE-1999-1044 | 1 Digital | 1 Unix | 2024-02-04 | 4.6 MEDIUM | N/A |
| Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges. | |||||
| CVE-2002-2148 | 1 Lucent | 3 Ascend Max Router, Ascend Pipeline Router, Dslterminator | 2024-02-04 | 5.0 MEDIUM | N/A |
| Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTerminator allows remote attackers to obtain sensitive information such as hostname, MAC, and IP address of the Ethernet interface via a discard (UDP port 9) packet, which causes the device to leak the information in the response. | |||||
| CVE-2002-0898 | 1 Opera Software | 1 Opera Web Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
| Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline. | |||||
| CVE-1999-0582 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
| A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. | |||||
| CVE-1999-1316 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 7.5 HIGH | N/A |
| Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess. | |||||
| CVE-2004-0334 | 1 Innomedia | 1 Innomedia Videophone | 2024-02-04 | 5.0 MEDIUM | N/A |
| InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash). NOTE: the original report mentioned AXIS 2100 Network Camera, but this was likely a cut-and-paste error. | |||||
| CVE-2001-1232 | 1 Novell | 1 Groupwise | 2024-02-04 | 5.0 MEDIUM | N/A |
| GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get". | |||||
| CVE-2000-1133 | 1 Flicks Software | 1 Authentix | 2024-02-04 | 5.0 MEDIUM | N/A |
| Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . (dot) into the URL for a protected directory. | |||||
| CVE-2001-0670 | 4 Bsd, Freebsd, Netbsd and 1 more | 4 Bsd, Freebsd, Netbsd and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue. | |||||