Total: 259227 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0332 | 1 Extremail | 1 Extremail | 2024-02-04 | 10.0 HIGH | N/A |
Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges. | |||||
CVE-2004-0706 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 2.1 LOW | N/A |
Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files. | |||||
CVE-2004-1667 | 1 Gearbox Software | 1 Halo Combat Evolved | 2024-02-04 | 5.0 MEDIUM | N/A |
Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response. | |||||
CVE-2001-1473 | 1 Ssh | 1 Ssh | 2024-02-04 | 7.5 HIGH | N/A |
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target. | |||||
CVE-2001-0941 | 1 Oracle | 1 Database Server | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. | |||||
CVE-2001-0215 | 1 Martin Hamilton | 1 Roads | 2024-02-04 | 5.0 MEDIUM | N/A |
ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte. | |||||
CVE-2002-0785 | 1 Aol | 1 Instant Messenger | 2024-02-04 | 5.0 MEDIUM | N/A |
AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow. | |||||
CVE-2000-1100 | 1 Trlinux | 1 Postaci Webmail | 2024-02-04 | 7.5 HIGH | N/A |
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request. | |||||
CVE-2004-1661 | 1 Sitecubed | 1 Mailworks Professional | 2024-02-04 | 7.5 HIGH | N/A |
MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1." | |||||
CVE-2000-0769 | 1 Oreilly | 1 Website Pro | 2024-02-04 | 7.5 HIGH | N/A |
O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe. | |||||
CVE-2004-0500 | 3 Gentoo, Mandrakesoft, Rob Flynn | 3 Linux, Mandrake Linux, Gaim | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. | |||||
CVE-2002-1873 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. | |||||
CVE-2003-0093 | 1 Lbl | 1 Tcpdump | 2024-02-04 | 5.0 MEDIUM | N/A |
The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop. | |||||
CVE-2004-1345 | 1 Sun | 3 Enterprise Storage Manager, Storedge 3310 Scsi Array, Storedge 3510 Fc Array | 2024-02-04 | 7.2 HIGH | N/A |
Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access. | |||||
CVE-2000-0049 | 1 Nullsoft | 1 Winamp | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file. | |||||
CVE-2001-0107 | 1 Symantec Veritas | 1 Backup | 2024-02-04 | 5.0 MEDIUM | N/A |
Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang. | |||||
CVE-2002-2362 | 1 Sourceforge | 1 Mymarket | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter. | |||||
CVE-2001-1032 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 7.5 HIGH | N/A |
admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. | |||||
CVE-2001-0717 | 1 Tooltalk | 1 Tooltalk Database Server | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function. | |||||
CVE-2003-0812 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API. | |||||