Total
253940 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0006 | 2 Rob Flynn, Ultramagnetic | 2 Gaim, Ultramagnetic | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect. | |||||
CVE-2001-0668 | 1 Hp | 1 Hp-ux | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands. | |||||
CVE-1999-1036 | 1 Cops | 1 Cops | 2024-02-04 | 7.2 HIGH | N/A |
COPS 1.04 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files in (1) res_diff, (2) ca.src, and (3) mail.chk. | |||||
CVE-2001-1258 | 1 Horde | 1 Imp | 2024-02-04 | 3.6 LOW | N/A |
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. | |||||
CVE-1999-0654 | | | 2024-02-04 | 10.0 HIGH | N/A |
The OS/2 or POSIX subsystem in NT is enabled. | |||||
CVE-2003-1156 | 1 Sun | 2 Jdk, Jre | 2024-02-04 | 4.6 MEDIUM | N/A |
Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program. | |||||
CVE-2002-0357 | 1 Sgi | 1 Irix | 2024-02-04 | 7.2 HIGH | N/A |
Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges. | |||||
CVE-2003-0836 | 1 Ibm | 1 Db2 Universal Database | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command. | |||||
CVE-2002-1881 | 1 Macromedia | 1 Flash Player | 2024-02-04 | 5.0 MEDIUM | N/A |
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by ROT13 encoding the body of the file but not the headers. | |||||
CVE-2001-0122 | 1 Ibm | 2 Http Server, Websphere Application Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error. | |||||
CVE-1999-0449 | 1 Microsoft | 1 Internet Information Server | 2024-02-04 | 7.8 HIGH | N/A |
The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. | |||||
CVE-2002-0378 | 1 Astart Technologies | 1 Lprng | 2024-02-04 | 7.5 HIGH | N/A |
The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts. | |||||
CVE-2004-1356 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 2.1 LOW | N/A |
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors. | |||||
CVE-2002-0189 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability. | |||||
CVE-1999-0674 | 3 Netbsd, Openbsd, Sun | 4 Netbsd, Openbsd, Solaris and 1 more | 2024-02-04 | 7.2 HIGH | N/A |
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. | |||||
CVE-2003-0589 | 1 Digi-fx | 1 Digi-news | 2024-02-04 | 10.0 HIGH | N/A |
admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password. | |||||
CVE-2004-0350 | 1 Spidersales | 1 Spidersales | 2024-02-04 | 2.1 LOW | N/A |
SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring. | |||||
CVE-1999-0204 | 1 Eric Allman | 1 Sendmail | 2024-02-04 | 10.0 HIGH | N/A |
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. | |||||
CVE-1999-0203 | 1 Eric Allman | 1 Sendmail | 2024-02-04 | 10.0 HIGH | N/A |
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. | |||||
CVE-2003-0358 | 3 Debian, Falconseye Project, Nethack | 3 Debian Linux, Falconseye, Nethack | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option. |