Total
259035 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0765 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-04 | 7.5 HIGH | N/A |
| The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates. | |||||
| CVE-2003-1193 | 1 Oracle | 2 Application Server Portal, Oracle9i | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. | |||||
| CVE-2003-1049 | 1 Ibm | 1 Db2 Universal Database | 2024-02-04 | 4.6 MEDIUM | N/A |
| IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. | |||||
| CVE-2004-0002 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 10.0 HIGH | N/A |
| The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function. | |||||
| CVE-1999-1061 | 1 Hp | 1 Jetdirect | 2024-02-04 | 7.5 HIGH | N/A |
| HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging. | |||||
| CVE-2002-2256 | 1 Pwins | 1 Pwins | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters. | |||||
| CVE-1999-0079 | 1 Bisonware | 1 Bisonware Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports. | |||||
| CVE-2003-1351 | 1 Greg Billock | 1 Edittag | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter. | |||||
| CVE-2002-0441 | 1 Jerrett Taylor | 1 Php Imglist | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter. | |||||
| CVE-1999-1399 | 1 Sgi | 1 Irix | 2024-02-04 | 7.2 HIGH | N/A |
| spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed. | |||||
| CVE-2002-2050 | 1 Modlogan | 1 Modlogan | 2024-02-04 | 2.1 LOW | N/A |
| Directory traversal vulnerability in processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry. | |||||
| CVE-2001-0040 | 1 Apc | 1 Apcupsd | 2024-02-04 | 2.1 LOW | N/A |
| APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file. | |||||
| CVE-2002-1658 | 1 Apache | 1 Http Server | 2024-02-04 | 4.6 MEDIUM | N/A |
| Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | |||||
| CVE-2002-2243 | 1 Akfingerd | 1 Akfingerd | 2024-02-04 | 5.0 MEDIUM | N/A |
| Akfingerd 0.5 and possibly earlier versions only allows one connection at a time and does not time out connections, which allows remote attackers to cause a denial of service (refused connections) by opening a connection and not closing it. | |||||
| CVE-2004-1615 | 1 Opera | 1 Opera Browser | 2024-02-04 | 2.6 LOW | N/A |
| Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme. | |||||
| CVE-2004-0811 | 1 Apache | 1 Http Server | 2024-02-04 | 7.5 HIGH | N/A |
| Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. | |||||
| CVE-2002-0978 | 1 Microsoft | 1 File Transfer Manager | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function. | |||||
| CVE-1999-0434 | 5 Caldera, Debian, Netbsd and 2 more | 5 Openlinux, Debian Linux, Netbsd and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
| XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. | |||||
| CVE-2002-1490 | 1 Netbsd | 1 Netbsd | 2024-02-04 | 2.1 LOW | N/A |
| NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes. | |||||
| CVE-2001-0748 | 1 Acme Labs | 1 Acme Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI. | |||||