Total: 260271 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0763 | 2 Debian, Suse | 2 Debian Linux, Suse Linux | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function. | |||||
CVE-2003-0367 | 2 Debian, Gnu | 2 Debian Linux, Gzip | 2024-02-04 | 2.1 LOW | N/A |
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2002-1113 | 1 Mantis | 1 Mantis | 2024-02-04 | 7.5 HIGH | N/A |
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code. | |||||
CVE-2002-0697 | 1 Microsoft | 1 Metadirectory Services | 2024-02-04 | 10.0 HIGH | N/A |
Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials. | |||||
CVE-2004-0393 | 1 Rlpr | 1 Rlpr | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function. | |||||
CVE-2003-0255 | 1 Gnu | 1 Privacy Guard | 2024-02-04 | 10.0 HIGH | N/A |
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. | |||||
CVE-2002-1451 | 1 Desiderata Software | 1 Blazix | 2024-02-04 | 5.0 MEDIUM | N/A |
Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character. | |||||
CVE-1999-0834 | 1 Rsa | 1 Rsaref | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library. | |||||
CVE-2002-1427 | 1 Easy Scripts Archive | 2 Advanced Easy Homepage Creator, Easy Homepage Creator | 2024-02-04 | 7.5 HIGH | N/A |
The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users. | |||||
CVE-2004-1372 | 1 Ibm | 1 Db2 Universal Database | 2024-02-04 | 7.2 HIGH | N/A |
Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure. | |||||
CVE-2003-1316 | 1 Endonesia | 1 Endonesia | 2024-02-04 | 5.0 MEDIUM | N/A |
mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2002-1859 | 1 Orionserver | 1 Orion Application Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | |||||
CVE-2001-1138 | 1 Randy Parker | 1 Power Up Html | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter. | |||||
CVE-2003-0718 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 5.0 MEDIUM | N/A |
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. | |||||
CVE-2000-0192 | 1 Caldera | 1 Openlinux | 2024-02-04 | 5.0 MEDIUM | N/A |
The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. | |||||
CVE-2002-0162 | 1 Logwatch | 1 Logwatch | 2024-02-04 | 6.2 MEDIUM | N/A |
LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory. | |||||
CVE-2003-1516 | 1 Sun | 1 Java Plug-in | 2024-02-04 | 6.8 MEDIUM | N/A |
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet. | |||||
CVE-2001-1371 | 1 Oracle | 1 Application Server | 2024-02-04 | 7.5 HIGH | N/A |
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | |||||
CVE-1999-0128 | 5 Digital, Ibm, Linux and 2 more | 9 Osf 1, Aix, Sng and 6 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. | |||||
CVE-2003-0988 | 1 Kde | 1 Kde | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. |