Total: 258769 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0465 | 1 Openconnect | 1 Webconnect | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter. | |||||
CVE-2004-0727 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." | |||||
CVE-2002-1197 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 7.5 HIGH | N/A |
bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail. | |||||
CVE-2002-1430 | 1 Synthetic Reality | 1 Sympoll | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters. | |||||
CVE-1999-0272 | 1 Slmail | 1 Slmail | 2024-02-04 | 5.0 MEDIUM | N/A |
Denial of service in Slmail v2.5 through the POP3 port. | |||||
CVE-2001-0518 | 1 Oracle | 1 Oracle9i | 2024-02-04 | 5.0 MEDIUM | N/A |
Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang. | |||||
CVE-2004-0592 | 1 Suse | 1 Suse Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar flaw to CVE-2004-0626. | |||||
CVE-2003-0332 | 1 Working Resources Inc. | 1 Badblue | 2024-02-04 | 7.6 HIGH | N/A |
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension. | |||||
CVE-2004-0534 | 1 Businessobjects | 2 Infoview, Webintelligence | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document. | |||||
CVE-1999-1250 | 1 Blue World Communications | 1 Lasso Cgi | 2024-02-04 | 5.0 MEDIUM | N/A |
Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote attackers to read arbitrary files. | |||||
CVE-2001-1040 | 1 Hp | 1 Jetadmin | 2024-02-04 | 6.4 MEDIUM | N/A |
HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password. | |||||
CVE-2001-0979 | 1 Hp | 1 Hp-ux | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument. | |||||
CVE-2000-0533 | 1 Sgi | 1 Workshop Debugger And Performance Tools | 2024-02-04 | 7.2 HIGH | N/A |
Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files. | |||||
CVE-2003-0643 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash). | |||||
CVE-2002-1448 | 1 Avaya | 3 Cajun M770-atm, Cajun P130, Cajun P330 | 2024-02-04 | 7.5 HIGH | N/A |
An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges. | |||||
CVE-2002-1794 | 1 Hp | 2 Hp-ux, Ldap-ux Integration | 2024-02-04 | 10.0 HIGH | N/A |
Unknown vulnerability in pam_authz in the LDAP-UX Integration product on HP-UX 11.00 and 11.11 allows remote attackers to execute r-commands with privileges of other users. | |||||
CVE-2001-0281 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 7.2 HIGH | N/A |
Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges. | |||||
CVE-2000-0023 | 1 Lotus | 1 Domino Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. | |||||
CVE-2002-0846 | 1 Macromedia | 1 Shockwave Flash | 2024-02-04 | 7.5 HIGH | N/A |
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length. | |||||
CVE-1999-0103 | | | 2024-02-04 | 5.0 MEDIUM | N/A |
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm. | |||||