Total
253939 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0310 | 1 Ssh | 1 Ssh | 2024-02-04 | 7.5 HIGH | N/A |
SSH 1.2.25 on HP-UX allows access to new user accounts. | |||||
CVE-2003-1294 | 1 Xscreensaver | 1 Xscreensaver | 2024-02-04 | 2.1 LOW | N/A |
Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2002-1835 | 1 Xerox | 2 Docutech 6110, Docutech 6115 | 2024-02-04 | 7.5 HIGH | N/A |
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 running Solaris 8.0 has a large number of unnecessary services enabled such as RPC and sprayd, which could allow remote attackers to obtain access to the device. | |||||
CVE-2002-1879 | 1 Lokwa | 1 Lokwabb | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php. | |||||
CVE-2002-0129 | 1 Efax | 1 Efax | 2024-02-04 | 2.1 LOW | N/A |
efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message. | |||||
CVE-1999-0132 | 2 Hp, Sun | 3 Hp-ux, Solaris, Sunos | 2024-02-04 | 2.1 LOW | N/A |
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access. | |||||
CVE-2000-0868 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. | |||||
CVE-2004-1527 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. | |||||
CVE-2004-1718 | 1 Pedestal Software | 1 Integrity Protection Driver | 2024-02-04 | 2.1 LOW | N/A |
The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument. | |||||
CVE-2004-0632 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-04 | 7.5 HIGH | N/A |
Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow. | |||||
CVE-2003-1269 | 1 An | 1 An-http | 2024-02-04 | 5.0 MEDIUM | N/A |
AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message. | |||||
CVE-2001-0359 | 2 Sierra, Valve Software | 2 Half-life, Half-life Dedicated Server | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in Sierra Half-Life build 1573 and earlier allows a remote attacker to execute arbitrary code via the map command. | |||||
CVE-1999-0065 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands. | |||||
CVE-2002-2208 | 2 Cisco, Extended Interior Gateway Routing Protocol | 2 Ios, Extended Interior Gateway Routing Protocol | 2024-02-04 | 7.8 HIGH | N/A |
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. | |||||
CVE-1999-0910 | 1 Microsoft | 3 Commercial Internet System, Site Server, Site Server Commerce | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. | |||||
CVE-2004-0673 | 1 Simm-comm | 1 Sci Photo Chat | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message. | |||||
CVE-2002-1245 | 1 Frank Mcingvale | 1 Luxman | 2024-02-04 | 7.2 HIGH | N/A |
Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program. | |||||
CVE-2001-1354 | 1 Netwin | 2 Dmail, Surgeftp | 2024-02-04 | 4.6 MEDIUM | N/A |
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password. | |||||
CVE-2000-1045 | 1 Padl Software | 1 Nss Ldap | 2024-02-04 | 1.2 LOW | N/A |
nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests. | |||||
CVE-2003-1014 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2024-02-04 | 7.5 HIGH | N/A |
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use multiple MIME fields with the same name, which may be interpreted differently by mail clients. |