Total: 260271 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0899 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 7.2 HIGH | N/A |
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. | |||||
CVE-2000-1007 | 1 Symantec | 1 I-gear | 2024-02-04 | 5.0 MEDIUM | N/A |
I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors. | |||||
CVE-2004-0806 | 1 Cdrtools | 1 Cdrecord | 2024-02-04 | 7.2 HIGH | N/A |
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges. | |||||
CVE-2003-0479 | 1 Affordable Web Space Design | 1 Affordable Web Space Design Webbbs | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS allows remote attackers to insert arbitrary web script via the (1) Name, (2) Email, or (3) Message fields. | |||||
CVE-2004-0769 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771. | |||||
CVE-2003-0099 | 1 Apc | 1 Apcupsd | 2024-02-04 | 7.2 HIGH | N/A |
Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function. | |||||
CVE-2000-0108 | 1 Intelligent Vending Systems | 1 Intellivend | 2024-02-04 | 7.5 HIGH | N/A |
The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
CVE-2004-1492 | 1 Quicksilver | 1 Master Of Orion Iii | 2024-02-04 | 5.0 MEDIUM | N/A |
Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (game exit) via a data packet that contains a large size specifier, which causes a large memory allocation to fail. | |||||
CVE-2003-0372 | 1 Nessus | 1 Nessus | 2024-02-04 | 4.6 MEDIUM | N/A |
Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script. | |||||
CVE-2001-0263 | 1 Gene6 | 1 G6 Ftp Server | 2024-02-04 | 7.5 HIGH | N/A |
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled. | |||||
CVE-2002-0347 | 1 Sun | 3 Cobalt Raq 2, Cobalt Raq 3i, Cobalt Raq 4 | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request. | |||||
CVE-2003-1345 | 1 Follett Software | 1 Webcollection Plus | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter. | |||||
CVE-2001-1458 | 1 Novell | 1 Groupwise | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character. | |||||
CVE-1999-0197 | | | 2024-02-04 | 10.0 HIGH | N/A |
finger 0@host on some systems may print information on some user accounts. | |||||
CVE-2001-0674 | 1 Robtex | 1 Viking Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a hexadecimal encoded dot-dot attack (eg. http://www.server.com/%2e%2e/%2e%2e) in an HTTP URL request. | |||||
CVE-2003-1374 | 1 Hp | 1 Hp-ux | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2) -c options. | |||||
CVE-2004-0808 | 1 Samba | 1 Samba | 2024-02-04 | 5.0 MEDIUM | N/A |
The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. | |||||
CVE-2004-2232 | 1 Moodle | 1 Moodle | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements. | |||||
CVE-2003-1295 | 2 Redhat, Suse | 2 Enterprise Linux, Suse Linux | 2024-02-04 | 2.1 LOW | N/A |
Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password." | |||||
CVE-2002-2414 | 2 Opera Software, Squid | 2 Opera, Squid | 2024-02-04 | 4.3 MEDIUM | N/A |
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash). |