Total: 253939 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-1148 | 1 Volano Llc | 1 Volanochatpro | 2024-02-04 | 4.6 MEDIUM | N/A |
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server. | |||||
CVE-2003-1362 | 1 Hp | 2 Bastille, Hp-ux | 2024-02-04 | 7.8 HIGH | N/A |
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases. | |||||
CVE-1999-0805 | 1 Novell | 1 Netware | 2024-02-04 | 5.0 MEDIUM | N/A |
Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests. | |||||
CVE-2002-0781 | 1 Novell | 1 Bordermanager | 2024-02-04 | 5.0 MEDIUM | N/A |
RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND. | |||||
CVE-2002-1223 | 1 Kde | 1 Kde | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. | |||||
CVE-2003-0209 | 2 Smoothwall, Sourcefire | 2 Smoothwall, Snort | 2024-02-04 | 10.0 HIGH | N/A |
Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow. | |||||
CVE-2004-1937 | 1 Nuked-klan | 1 Nuked-klan | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module. | |||||
CVE-2002-0652 | 1 Sgi | 1 Irix | 2024-02-04 | 7.5 HIGH | N/A |
xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs(). | |||||
CVE-2001-0023 | 1 Leif M. Wright | 1 Everythingform.cgi | 2024-02-04 | 10.0 HIGH | N/A |
everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. | |||||
CVE-2000-0746 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2024-02-04 | 7.5 HIGH | N/A |
Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. | |||||
CVE-2001-0956 | 1 Speechio | 1 Speechd | 2024-02-04 | 7.2 HIGH | N/A |
speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters. | |||||
CVE-2003-1111 | 1 Dynamicsoft | 1 Appengine | 2024-02-04 | 7.5 HIGH | N/A |
The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
CVE-2003-0856 | 1 Stephen Hemminger | 1 Iproute | 2024-02-04 | 4.9 MEDIUM | N/A |
iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface. | |||||
CVE-2002-2361 | 1 Yahoo | 1 Messenger | 2024-02-04 | 5.8 MEDIUM | N/A |
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing. | |||||
CVE-2002-0427 | 1 Christof Pohl | 1 Improved Mod Frontpage | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges. | |||||
CVE-2003-0192 | 1 Apache | 1 Http Server | 2024-02-04 | 6.4 MEDIUM | N/A |
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. | |||||
CVE-2000-1069 | 1 Cgi-world | 2 Poll It, Poll It Pro | 2024-02-04 | 6.4 MEDIUM | N/A |
pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters. | |||||
CVE-2001-0707 | 1 Denicomp | 1 Rshd | 2024-02-04 | 5.0 MEDIUM | N/A |
Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a denial of service (crash) via a long string to port 514. | |||||
CVE-2003-0951 | 1 Hp | 1 Hp-ux | 2024-02-04 | 7.5 HIGH | N/A |
Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges. | |||||
CVE-2001-0236 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event. |