Vulnerabilities (CVE)

Total 260580 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0589 1 Digi-fx 1 Digi-news 2024-02-04 10.0 HIGH N/A
admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.
CVE-2004-0350 1 Spidersales 1 Spidersales 2024-02-04 2.1 LOW N/A
SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring.
CVE-1999-0204 1 Eric Allman 1 Sendmail 2024-02-04 10.0 HIGH N/A
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
CVE-1999-0203 1 Eric Allman 1 Sendmail 2024-02-04 10.0 HIGH N/A
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
CVE-2003-0358 3 Debian, Falconseye Project, Nethack 3 Debian Linux, Falconseye, Nethack 2024-02-04 4.6 MEDIUM N/A
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
CVE-2004-0460 5 Infoblox, Isc, Mandrakesoft and 2 more 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more 2024-02-04 10.0 HIGH N/A
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
CVE-2002-0064 2 Bindview, Funk Software 2 Netrc, Funk Software Proxy 2024-02-04 7.2 HIGH N/A
Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system.
CVE-2000-0863 1 Listmanager 1 Linux 2024-02-04 7.2 HIGH N/A
Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges.
CVE-1999-0763 1 Netbsd 1 Netbsd 2024-02-04 6.4 MEDIUM N/A
NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.
CVE-2001-1152 1 Baltimore Technologies 1 Websweeper 2024-02-04 7.5 HIGH N/A
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
CVE-2000-0403 1 Microsoft 1 Windows Nt 2024-02-04 5.0 MEDIUM N/A
The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
CVE-1999-0298 2 Slackware, Sun 2 Slackware Linux, Sunos 2024-02-04 7.5 HIGH N/A
ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack.
CVE-1999-1246 1 Microsoft 1 Site Server 2024-02-04 7.5 HIGH N/A
Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.
CVE-2004-1471 6 Cvs, Freebsd, Gentoo and 3 more 6 Cvs, Freebsd, Linux and 3 more 2024-02-04 7.1 HIGH N/A
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
CVE-2004-0326 1 Proxy-pro 1 Professional Gatekeeper 2024-02-04 10.0 HIGH N/A
Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request.
CVE-2003-0614 1 Gallery Project 1 Gallery 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
CVE-2002-0192 2024-02-04 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0193, CVE-2002-1564. Reason: This candidate was published with a description that identified a different vulnerability than what was identified in the original authoritative reference. Notes: Consult CVE-2002-0193 or CVE-2002-1564 to find the identifier for the proper issue.
CVE-2000-1234 1 Phorum 1 Phorum 2024-02-04 5.0 MEDIUM N/A
violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters.
CVE-2000-0826 1 Mobius 1 Documentdirect For The Internet 2024-02-04 10.0 HIGH N/A
Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long GET request.
CVE-2004-1987 2 Coppermine, Francisco Burzi 2 Coppermine Photo Gallery, Php-nuke 2024-02-04 7.5 HIGH N/A
picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.