Total: 253940 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-1060 | 1 Xfree86 Project | 1 Xfce | 2024-02-04 | 4.6 MEDIUM | N/A |
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges. | |||||
CVE-2001-1390 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 6.2 MEDIUM | N/A |
Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages. | |||||
CVE-2004-1549 | 1 Onnuri Infotek | 1 Activepost Standard | 2024-02-04 | 5.0 MEDIUM | N/A |
The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote attackers to gain sensitive information by sniffing the network connection. | |||||
CVE-2001-0409 | 1 Vim Development Group | 1 Vim | 2024-02-04 | 2.1 LOW | N/A |
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. | |||||
CVE-1999-0312 | 1 Hp | 1 Hp-ux | 2024-02-04 | 5.0 MEDIUM | N/A |
HP ypbind allows attackers with root privileges to modify NIS data. | |||||
CVE-2004-1710 | 1 Andrew Kilpatrick | 1 Page Cgi | 2024-02-04 | 7.5 HIGH | N/A |
page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter. | |||||
CVE-2003-1553 | 1 Sips | 1 Sips | 2024-02-04 | 4.3 MEDIUM | N/A |
Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory. | |||||
CVE-2000-0729 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 2.1 LOW | N/A |
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header. | |||||
CVE-2002-1553 | 1 Cisco | 1 Optical Networking Systems Software | 2024-02-04 | 7.5 HIGH | N/A |
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist. | |||||
CVE-2004-0583 | 3 Debian, Usermin, Webmin | 3 Debian Linux, Usermin, Webmin | 2024-02-04 | 5.0 MEDIUM | N/A |
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. | |||||
CVE-2004-1352 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code. | |||||
CVE-1999-0650 | | | 2024-02-04 | 5.0 MEDIUM | N/A |
The netstat service is running, which provides sensitive information to remote attackers. | |||||
CVE-2004-2204 | 1 Macromedia | 1 Coldfusion | 2024-02-04 | 7.2 HIGH | N/A |
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. | |||||
CVE-1999-1424 | 1 Sun | 1 Solstice Adminsuite | 2024-02-04 | 6.2 MEDIUM | N/A |
Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries. | |||||
CVE-2001-1081 | 2 Lucent, Simon Horms | 2 Radius, Radius | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages. | |||||
CVE-2002-1166 | 1 John Franks | 1 Wn Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request. | |||||
CVE-2004-0049 | 1 Realnetworks | 2 Helix Universal Mobile Server, Helix Universal Server | 2024-02-04 | 6.8 MEDIUM | N/A |
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port. | |||||
CVE-2003-0361 | 1 Debian | 1 Debian Linux | 2024-02-04 | 7.5 HIGH | N/A |
gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp. | |||||
CVE-1999-0878 | 2 Beroftpd, Washington University | 2 Beroftpd, Wu-ftpd | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR. | |||||
CVE-2002-1685 | 1 Working Resources Inc. | 1 Badblue | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI. |