Total: 253940 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0562 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. | |||||
CVE-1999-1207 | 1 Network General | 1 Netxray | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in web-admin tool in NetXRay 2.6 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request. | |||||
CVE-1999-1439 | 1 Gcc | 1 Gcc | 2024-02-04 | 2.1 LOW | N/A |
gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files. | |||||
CVE-2001-1181 | 1 Hp | 1 Hp-ux | 2024-02-04 | 7.2 HIGH | N/A |
Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges. | |||||
CVE-2002-0615 | 1 Microsoft | 2 Excel, Office | 2024-02-04 | 7.5 HIGH | N/A |
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation". | |||||
CVE-1999-1503 | 1 Nfr | 1 Nfr | 2024-02-04 | 5.0 MEDIUM | N/A |
Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to cause a denial of service in nfrd (crash) via a TCP packet with a null header and data field. | |||||
CVE-2002-2150 | 1 Juniper | 1 Netscreen Screenos | 2024-02-04 | 5.0 MEDIUM | N/A |
Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections. | |||||
CVE-1999-1038 | 1 Tamu | 1 Tiger | 2024-02-04 | 7.2 HIGH | N/A |
Tiger 2.2.3 allows local users to overwrite arbitrary files via a symlink attack on various temporary files in Tiger's default working directory, as defined by the WORKDIR variable. | |||||
CVE-1999-0596 | | | 2024-02-04 | 10.0 HIGH | N/A |
A Windows NT log file has an inappropriate maximum size or retention period. | |||||
CVE-2003-1364 | 1 Aprelium Technologies | 1 Abyss Web Server | 2024-02-04 | 8.5 HIGH | N/A |
Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields. | |||||
CVE-2000-0282 | 1 Talentsoft | 1 Web\+ | 2024-02-04 | 5.0 MEDIUM | N/A |
TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program. | |||||
CVE-2002-0614 | 1 Php-survey | 1 Php-survey | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server. | |||||
CVE-2003-0855 | 1 Charles Kerr | 1 Pan | 2024-02-04 | 7.8 HIGH | N/A |
Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address. | |||||
CVE-2003-1206 | 1 Crob | 1 Crob Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via "%s" or "%n" sequences in (1) the username during login, or other FTP commands such as (2) dir. | |||||
CVE-2004-0644 | 1 Mit | 1 Kerberos 5 | 2024-02-04 | 5.0 MEDIUM | N/A |
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding. | |||||
CVE-2004-1444 | 1 Roundup-tracker | 1 Roundup | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request. | |||||
CVE-1999-0906 | 1 Suse | 1 Suse Linux | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable. | |||||
CVE-2002-0117 | 1 Yabb | 1 Yabb | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. | |||||
CVE-2003-0389 | 1 Rsa | 1 Ace Agent | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script. | |||||
CVE-1999-1255 | 1 Ccs Network | 1 Hyperseek Search Engine | 2024-02-04 | 5.0 MEDIUM | N/A |
Hyperseek allows remote attackers to modify the hyperseek configuration by directly calling the admin.cgi program with an edit_file action parameter. |