Total: 253847 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2184 | 1 Digi-net Technologies | 1 Digichat | 2024-02-04 | 5.0 MEDIUM | N/A |
Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP addresses of other chat users via a "Showip" parameter in the chat applet. | |||||
CVE-2002-2399 | 1 Cascadesoft | 1 W3mail | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2004-1969 | 1 Openbb | 1 Openbb | 2024-02-04 | 7.5 HIGH | N/A |
The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript. | |||||
CVE-2000-0368 | 1 Cisco | 1 Ios | 2024-02-04 | 2.1 LOW | N/A |
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. | |||||
CVE-2000-0330 | 1 Microsoft | 2 Windows 95, Windows 98 | 2024-02-04 | 7.6 HIGH | N/A |
The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability. | |||||
CVE-2004-0547 | 1 Postgresql | 1 Postgresql | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows remote attackers to cause a denial of service (crash). | |||||
CVE-2003-0640 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 10.0 HIGH | N/A |
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges. | |||||
CVE-1999-1585 | 1 Sun | 1 Sunos | 2024-02-04 | 7.2 HIGH | N/A |
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges. | |||||
CVE-2004-0958 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. | |||||
CVE-2001-1521 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter. | |||||
CVE-2000-0199 | 1 Microsoft | 1 Sql Server | 2024-02-04 | 7.2 HIGH | N/A |
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. | |||||
CVE-2000-0048 | 1 Corel | 1 Linux | 2024-02-04 | 7.2 HIGH | N/A |
get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program. | |||||
CVE-2003-0353 | 1 Microsoft | 1 Data Access Components | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. | |||||
CVE-2003-0725 | 1 Realnetworks | 2 Helix Universal Server, Realserver | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code. | |||||
CVE-2001-0549 | 1 Symantec | 1 Liveupdate | 2024-02-04 | 4.6 MEDIUM | N/A |
Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords. | |||||
CVE-2001-1087 | 1 Network Appliance | 1 Netcache | 2024-02-04 | 7.5 HIGH | N/A |
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device. | |||||
CVE-1999-1085 | 1 Ssh | 1 Secure Shell | 2024-02-04 | 5.0 MEDIUM | N/A |
SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack." | |||||
CVE-2004-1455 | 1 Xine | 1 Xine-lib | 2024-02-04 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL. | |||||
CVE-2004-0395 | 1 Gatos | 1 Gatos | 2024-02-04 | 7.2 HIGH | N/A |
The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call. | |||||
CVE-2003-0282 | 2 Info-zip, Sco | 3 Unzip, Openlinux Server, Openlinux Workstation | 2024-02-04 | 2.6 LOW | N/A |
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence. |