Total
253942 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0750 | 1 Py-membres | 1 Py-membres | 2024-02-04 | 7.5 HIGH | N/A |
secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter. | |||||
CVE-2000-0785 | 1 Wircsrv | 1 Irc Server | 2024-02-04 | 5.0 MEDIUM | N/A |
WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files via the importmotd command, which sets the Message of the Day (MOTD) to the specified file. | |||||
CVE-2000-1185 | 1 Itserv Incorporated | 1 Ridewaypn | 2024-02-04 | 5.0 MEDIUM | N/A |
The telnet proxy in RideWay PN proxy server allows remote attackers to cause a denial of service via a flood of connections that contain malformed requests. | |||||
CVE-2004-0563 | 1 Freenet6 | 1 Freenet6 | 2024-02-04 | 2.1 LOW | N/A |
The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password. | |||||
CVE-2001-0553 | 1 Ssh | 1 Secure Shell | 2024-02-04 | 7.2 HIGH | N/A |
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field. | |||||
CVE-1999-1090 | 1 Ncsa | 1 Telnet | 2024-02-04 | 7.5 HIGH | N/A |
The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. | |||||
CVE-2004-0273 | 1 Realnetworks | 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player | 2024-02-04 | 9.3 HIGH | N/A |
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. | |||||
CVE-2000-1077 | 1 Iplanet | 1 Iplanet Web Server | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension. | |||||
CVE-2000-0770 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 6.4 MEDIUM | N/A |
IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability. | |||||
CVE-2003-0842 | 1 Dag Apt Repository | 1 Mod Gzip | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header. | |||||
CVE-2001-1416 | 1 Aol | 1 Instant Messenger | 2024-02-04 | 5.1 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags. | |||||
CVE-2004-0414 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. | |||||
CVE-2004-1441 | 1 Board Power | 1 Board Power | 2024-02-04 | 9.3 HIGH | N/A |
Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
CVE-2000-0725 | 1 Zope | 1 Zope | 2024-02-04 | 7.2 HIGH | N/A |
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request. | |||||
CVE-2004-1482 | 1 Bnc | 1 Bnc | 2024-02-04 | 7.5 HIGH | N/A |
The sbuf_getmsg function in BNC incorrectly handles backspace characters, which could allow remote attackers to bypass authentication and gain access to arbitrary scripts. | |||||
CVE-1999-0233 | 1 Microsoft | 1 Internet Information Services | 2024-02-04 | 10.0 HIGH | N/A |
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | |||||
CVE-2004-1144 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.2 HIGH | N/A |
Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges. | |||||
CVE-2002-2367 | 1 Socks5 | 1 Socks5 | 2024-02-04 | 7.8 HIGH | N/A |
Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname. | |||||
CVE-2004-0266 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | |||||
CVE-2001-0182 | 1 Checkpoint | 1 Firewall-1 | 2024-02-04 | 5.0 MEDIUM | N/A |
FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources. |