Total
260512 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1090 | 1 Ncsa | 1 Telnet | 2024-02-04 | 7.5 HIGH | N/A |
| The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. | |||||
| CVE-2004-0273 | 1 Realnetworks | 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player | 2024-02-04 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. | |||||
| CVE-2000-1077 | 1 Iplanet | 1 Iplanet Web Server | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension. | |||||
| CVE-2000-0770 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 6.4 MEDIUM | N/A |
| IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability. | |||||
| CVE-2003-0842 | 1 Dag Apt Repository | 1 Mod Gzip | 2024-02-04 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header. | |||||
| CVE-2001-1416 | 1 Aol | 1 Instant Messenger | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags. | |||||
| CVE-2004-0414 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
| CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. | |||||
| CVE-2004-1441 | 1 Board Power | 1 Board Power | 2024-02-04 | 9.3 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2000-0725 | 1 Zope | 1 Zope | 2024-02-04 | 7.2 HIGH | N/A |
| Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request. | |||||
| CVE-2004-1482 | 1 Bnc | 1 Bnc | 2024-02-04 | 7.5 HIGH | N/A |
| The sbuf_getmsg function in BNC incorrectly handles backspace characters, which could allow remote attackers to bypass authentication and gain access to arbitrary scripts. | |||||
| CVE-1999-0233 | 1 Microsoft | 1 Internet Information Services | 2024-02-04 | 10.0 HIGH | N/A |
| IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | |||||
| CVE-2004-1144 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.2 HIGH | N/A |
| Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges. | |||||
| CVE-2002-2367 | 1 Socks5 | 1 Socks5 | 2024-02-04 | 7.8 HIGH | N/A |
| Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname. | |||||
| CVE-2004-0266 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | |||||
| CVE-2001-0182 | 1 Checkpoint | 1 Firewall-1 | 2024-02-04 | 5.0 MEDIUM | N/A |
| FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources. | |||||
| CVE-2003-1534 | 1 Justice Media | 1 Guestbook | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables. | |||||
| CVE-1999-1493 | 1 Hp | 1 Apollo Domain Os | 2024-02-04 | 10.0 HIGH | N/A |
| Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote attackers to gain root privileges via insecure system calls, (1) pad_$dm_cmd and (2) pad_$def_pfk(). | |||||
| CVE-2002-1183 | 1 Microsoft | 3 Windows 98, Windows 98se, Windows Nt | 2024-02-04 | 7.5 HIGH | N/A |
| Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862). | |||||
| CVE-2004-0735 | 1 Electronic Arts | 1 Medal Of Honor Allied Assault | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors. | |||||
| CVE-2004-1000 | 1 Debian | 1 Lintian | 2024-02-04 | 2.1 LOW | N/A |
| lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack. | |||||