Total
260505 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1259 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1286. Reason: This candidate is a reservation duplicate of CVE-2002-1286. Notes: All CVE users should reference CVE-2002-1286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-1999-1451 | 1 Microsoft | 2 Internet Information Server, Site Server | 2024-02-04 | 5.0 MEDIUM | N/A |
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. | |||||
CVE-2002-1987 | 1 Caucho Technology | 1 Resin | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a "\.." (backslash dot dot). | |||||
CVE-2000-0541 | 1 Panda | 1 Panda Antivirus | 2024-02-04 | 7.2 HIGH | N/A |
The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command. | |||||
CVE-2000-0873 | 1 Ibm | 1 Aix | 2024-02-04 | 2.1 LOW | N/A |
netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities. | |||||
CVE-2001-1149 | 1 Panda | 1 Panda Antivirus Platinum | 2024-02-04 | 5.0 MEDIUM | N/A |
Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file. | |||||
CVE-2000-1049 | 1 Macromedia | 1 Jrun | 2024-02-04 | 5.0 MEDIUM | N/A |
Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters. | |||||
CVE-2002-2158 | 1 Zendocs | 1 Zentrack | 2024-02-04 | 5.0 MEDIUM | N/A |
zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message. | |||||
CVE-2000-1118 | 1 24link | 1 24link | 2024-02-04 | 7.5 HIGH | N/A |
24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request. | |||||
CVE-1999-0752 | 1 Netscape | 1 Enterprise Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. | |||||
CVE-2003-0024 | 1 Aterm | 1 Aterm | 2024-02-04 | 7.5 HIGH | N/A |
The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. | |||||
CVE-2001-0523 | 1 Eeye Digital Security | 2 Secureiis, Securells | 2024-02-04 | 7.5 HIGH | N/A |
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected. | |||||
CVE-1999-1397 | 1 Microsoft | 1 Index Server | 2024-02-04 | 7.5 HIGH | N/A |
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed. | |||||
CVE-2001-1099 | 2 Microsoft, Symantec | 2 Exchange Server, Norton Antivirus | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice. | |||||
CVE-2004-0719 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
CVE-2001-1104 | 1 Sonicwall | 2 Soho, Soho Firmware | 2024-02-04 | 7.5 HIGH | N/A |
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. | |||||
CVE-2003-1101 | 1 Hummingbird | 1 Cyberdocs | 2024-02-04 | 5.0 MEDIUM | N/A |
Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message. | |||||
CVE-2003-1085 | 1 Thomson | 2 Tcm Cable Modem, Tcw Cable Modem | 2024-02-04 | 5.0 MEDIUM | N/A |
The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow. | |||||
CVE-1999-0412 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 7.5 HIGH | N/A |
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. | |||||
CVE-2002-0859 | 1 Microsoft | 2 Jet, Sql Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. |