Total
256700 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2158 | 1 Zendocs | 1 Zentrack | 2024-02-04 | 5.0 MEDIUM | N/A |
zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message. | |||||
CVE-2000-1118 | 1 24link | 1 24link | 2024-02-04 | 7.5 HIGH | N/A |
24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request. | |||||
CVE-1999-0752 | 1 Netscape | 1 Enterprise Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. | |||||
CVE-2003-0024 | 1 Aterm | 1 Aterm | 2024-02-04 | 7.5 HIGH | N/A |
The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. | |||||
CVE-2001-0523 | 1 Eeye Digital Security | 2 Secureiis, Securells | 2024-02-04 | 7.5 HIGH | N/A |
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected. | |||||
CVE-1999-1397 | 1 Microsoft | 1 Index Server | 2024-02-04 | 7.5 HIGH | N/A |
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed. | |||||
CVE-2001-1099 | 2 Microsoft, Symantec | 2 Exchange Server, Norton Antivirus | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice. | |||||
CVE-2004-0719 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
CVE-2001-1104 | 1 Sonicwall | 2 Soho, Soho Firmware | 2024-02-04 | 7.5 HIGH | N/A |
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. | |||||
CVE-2003-1101 | 1 Hummingbird | 1 Cyberdocs | 2024-02-04 | 5.0 MEDIUM | N/A |
Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message. | |||||
CVE-2003-1085 | 1 Thomson | 2 Tcm Cable Modem, Tcw Cable Modem | 2024-02-04 | 5.0 MEDIUM | N/A |
The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow. | |||||
CVE-1999-0412 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 7.5 HIGH | N/A |
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. | |||||
CVE-2002-0859 | 1 Microsoft | 2 Jet, Sql Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. | |||||
CVE-2004-0212 | 2 Avaya, Microsoft | 8 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 5 more | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share. | |||||
CVE-2000-0741 | 1 Network Associates | 1 Net Tools Pki Server | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension. | |||||
CVE-2000-1020 | 1 Alt-n | 1 Mdaemon | 2024-02-04 | 7.5 HIGH | N/A |
Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. | |||||
CVE-2003-1128 | 1 X2 Studios | 1 Xmms Remote | 2024-02-04 | 7.5 HIGH | N/A |
XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between 4 AM 11 AM PST on May 7, 2003, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to TCP port 8086. | |||||
CVE-2004-0483 | 1 Sgi | 1 Irix | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote attackers to cause a denial of service (infinite loop) via certain RPC requests. | |||||
CVE-2003-1381 | 1 Amxmod.net | 1 Amx Mod | 2024-02-04 | 6.8 MEDIUM | N/A |
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command. | |||||
CVE-2001-1378 | 1 Fetchmail | 1 Fetchmail | 2024-02-04 | 2.1 LOW | N/A |
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files. |