Vulnerabilities (CVE)

Total 260505 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-1259 2024-02-04 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1286. Reason: This candidate is a reservation duplicate of CVE-2002-1286. Notes: All CVE users should reference CVE-2002-1286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-1999-1451 1 Microsoft 2 Internet Information Server, Site Server 2024-02-04 5.0 MEDIUM N/A
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
CVE-2002-1987 1 Caucho Technology 1 Resin 2024-02-04 5.0 MEDIUM N/A
Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a "\.." (backslash dot dot).
CVE-2000-0541 1 Panda 1 Panda Antivirus 2024-02-04 7.2 HIGH N/A
The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command.
CVE-2000-0873 1 Ibm 1 Aix 2024-02-04 2.1 LOW N/A
netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.
CVE-2001-1149 1 Panda 1 Panda Antivirus Platinum 2024-02-04 5.0 MEDIUM N/A
Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.
CVE-2000-1049 1 Macromedia 1 Jrun 2024-02-04 5.0 MEDIUM N/A
Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.
CVE-2002-2158 1 Zendocs 1 Zentrack 2024-02-04 5.0 MEDIUM N/A
zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message.
CVE-2000-1118 1 24link 1 24link 2024-02-04 7.5 HIGH N/A
24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request.
CVE-1999-0752 1 Netscape 1 Enterprise Server 2024-02-04 5.0 MEDIUM N/A
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.
CVE-2003-0024 1 Aterm 1 Aterm 2024-02-04 7.5 HIGH N/A
The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.
CVE-2001-0523 1 Eeye Digital Security 2 Secureiis, Securells 2024-02-04 7.5 HIGH N/A
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.
CVE-1999-1397 1 Microsoft 1 Index Server 2024-02-04 7.5 HIGH N/A
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.
CVE-2001-1099 2 Microsoft, Symantec 2 Exchange Server, Norton Antivirus 2024-02-04 5.0 MEDIUM N/A
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
CVE-2004-0719 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 7.5 HIGH N/A
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
CVE-2001-1104 1 Sonicwall 2 Soho, Soho Firmware 2024-02-04 7.5 HIGH N/A
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
CVE-2003-1101 1 Hummingbird 1 Cyberdocs 2024-02-04 5.0 MEDIUM N/A
Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message.
CVE-2003-1085 1 Thomson 2 Tcm Cable Modem, Tcw Cable Modem 2024-02-04 5.0 MEDIUM N/A
The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow.
CVE-1999-0412 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-04 7.5 HIGH N/A
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
CVE-2002-0859 1 Microsoft 2 Jet, Sql Server 2024-02-04 7.5 HIGH N/A
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.