Total
253921 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0640 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 10.0 HIGH | N/A |
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges. | |||||
CVE-1999-1585 | 1 Sun | 1 Sunos | 2024-02-04 | 7.2 HIGH | N/A |
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges. | |||||
CVE-2004-0958 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. | |||||
CVE-2001-1521 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter. | |||||
CVE-2000-0199 | 1 Microsoft | 1 Sql Server | 2024-02-04 | 7.2 HIGH | N/A |
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. | |||||
CVE-2000-0048 | 1 Corel | 1 Linux | 2024-02-04 | 7.2 HIGH | N/A |
get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program. | |||||
CVE-2003-0353 | 1 Microsoft | 1 Data Access Components | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. | |||||
CVE-2003-0725 | 1 Realnetworks | 2 Helix Universal Server, Realserver | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code. | |||||
CVE-2001-0549 | 1 Symantec | 1 Liveupdate | 2024-02-04 | 4.6 MEDIUM | N/A |
Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords. | |||||
CVE-2001-1087 | 1 Network Appliance | 1 Netcache | 2024-02-04 | 7.5 HIGH | N/A |
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device. | |||||
CVE-1999-1085 | 1 Ssh | 1 Secure Shell | 2024-02-04 | 5.0 MEDIUM | N/A |
SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack." | |||||
CVE-2004-1455 | 1 Xine | 1 Xine-lib | 2024-02-04 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL. | |||||
CVE-2004-0395 | 1 Gatos | 1 Gatos | 2024-02-04 | 7.2 HIGH | N/A |
The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call. | |||||
CVE-2003-0282 | 2 Info-zip, Sco | 3 Unzip, Openlinux Server, Openlinux Workstation | 2024-02-04 | 2.6 LOW | N/A |
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence. | |||||
CVE-2000-0851 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability. | |||||
CVE-2002-0836 | 3 Hp, Mandrakesoft, Redhat | 3 Secure Os, Mandrake Linux, Linux | 2024-02-04 | 7.5 HIGH | N/A |
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. | |||||
CVE-2004-1599 | 1 Coolphp | 1 Coolphpweb Portal | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the (1) query or (2) nick parameters. | |||||
CVE-2000-0369 | 1 Caldera | 1 Openlinux | 2024-02-04 | 5.0 MEDIUM | N/A |
The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service. | |||||
CVE-2002-1481 | 1 Phpgb | 1 Phpgb | 2024-02-04 | 7.5 HIGH | N/A |
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php. | |||||
CVE-2001-0751 | 1 Cisco | 1 Cbos | 2024-02-04 | 7.5 HIGH | N/A |
Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections. |