Total: 253942 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1872 | 1 Webct | 1 Webct | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag. | |||||
CVE-2004-0872 | 1 Opera | 1 Opera Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | |||||
CVE-2004-1649 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future. | |||||
CVE-2001-0726 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 7.5 HIGH | N/A |
Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message. | |||||
CVE-2002-0593 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. | |||||
CVE-2002-1050 | 1 Hylafax | 1 Hylafax | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data. | |||||
CVE-2003-1100 | 1 Hummingbird | 1 Cyberdocs | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors. | |||||
CVE-1999-0525 | | | 2024-02-04 | N/A | N/A |
IP traceroute is allowed from arbitrary hosts. | |||||
CVE-2001-0767 | 1 Steve Poulsen | 1 Guildftpd | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. in (1) LS or (2) GET. | |||||
CVE-2004-1475 | 1 Xine | 2 Xine, Xine-lib | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. | |||||
CVE-1999-0353 | 1 Hp | 1 Hp-ux | 2024-02-04 | 9.3 HIGH | N/A |
rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. | |||||
CVE-2004-0009 | 1 Apache-ssl | 1 Apache-ssl | 2024-02-04 | 7.5 HIGH | N/A |
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user. | |||||
CVE-2000-0918 | 1 Kde | 1 Kvt | 2024-02-04 | 7.2 HIGH | N/A |
Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters. | |||||
CVE-2004-1362 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2024-02-04 | 7.5 HIGH | N/A |
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters. | |||||
CVE-1999-1381 | 1 Dbadmin | 1 Dbadmin | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote attackers to execute arbitrary commands. | |||||
CVE-2001-1472 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 4.6 MEDIUM | N/A |
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter. | |||||
CVE-2002-0252 | 1 Apple | 1 Quicktime | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header. | |||||
CVE-1999-1394 | 1 Bsd | 1 Bsd | 2024-02-04 | 2.1 LOW | N/A |
BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device. | |||||
CVE-2004-0313 | 1 Psoproxy | 1 Psoproxy Server | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name. | |||||
CVE-2000-0244 | 1 Citrix | 2 Metaframe, Winframe | 2024-02-04 | 10.0 HIGH | N/A |
The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication. |