Total
259287 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1463 | 1 Moinmoin | 1 Moinmoin | 2024-02-04 | 10.0 HIGH | N/A |
| Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact. | |||||
| CVE-2002-1903 | 1 University Of Washington | 1 Pine | 2024-02-04 | 5.0 MEDIUM | N/A |
| Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2004-0126 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 4.6 MEDIUM | N/A |
| The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail. | |||||
| CVE-2003-1468 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | |||||
| CVE-2002-0039 | 1 Sgi | 1 Irix | 2024-02-04 | 5.0 MEDIUM | N/A |
| rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths. | |||||
| CVE-2002-1561 | 1 Microsoft | 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference. | |||||
| CVE-2003-0352 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms. | |||||
| CVE-1999-1429 | 1 Dit | 1 Transferpro | 2024-02-04 | 2.1 LOW | N/A |
| DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver. | |||||
| CVE-1999-1565 | 2 Debian, Earl Hood | 2 Debian Linux, Man2html | 2024-02-04 | 4.6 MEDIUM | N/A |
| Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2004-0450 | 1 Log2mail | 1 Log2mail | 2024-02-04 | 10.0 HIGH | N/A |
| Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail. | |||||
| CVE-2003-0117 | 1 Microsoft | 1 Biztalk Server | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver. | |||||
| CVE-2002-0539 | 1 Demarc Security | 1 Puresecure | 2024-02-04 | 10.0 HIGH | N/A |
| Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie. | |||||
| CVE-2001-1437 | 1 Easyscripts | 1 Easynews | 2024-02-04 | 7.5 HIGH | N/A |
| easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out. | |||||
| CVE-1999-0358 | 1 Digital | 1 Unix | 2024-02-04 | 7.2 HIGH | N/A |
| Digital Unix 4.0 has a buffer overflow in the inc program of the mh package. | |||||
| CVE-2003-1058 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 3.7 LOW | N/A |
| The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files. | |||||
| CVE-1999-0607 | 1 I-soft | 1 Quikstore | 2024-02-04 | 5.0 MEDIUM | N/A |
| quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges. | |||||
| CVE-2003-1025 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 4.3 MEDIUM | N/A |
| Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." | |||||
| CVE-2002-1990 | 1 Caucho Technology | 1 Resin | 2024-02-04 | 5.0 MEDIUM | N/A |
| Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet. | |||||
| CVE-2002-2175 | 1 Php | 1 Phpsquidpass | 2024-02-04 | 4.0 MEDIUM | N/A |
| phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username. | |||||
| CVE-2002-0654 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. | |||||