Total: 260505 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0398 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2024-02-04 | 7.5 HIGH | N/A |
Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed. | |||||
CVE-2004-2089 | 1 Matrix | 1 Matrix Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command. | |||||
CVE-2002-1782 | 1 University Of Washington | 1 Uw-imap | 2024-02-04 | 2.1 LOW | N/A |
The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user. | |||||
CVE-2001-0722 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 6.4 MEDIUM | N/A |
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability." | |||||
CVE-1999-0785 | 1 Isc | 1 Inn | 2024-02-04 | 7.2 HIGH | N/A |
The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file. | |||||
CVE-1999-0119 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 10.0 HIGH | N/A |
Windows NT 4.0 beta allows users to read and delete shares. | |||||
CVE-2004-1358 | 1 Sun | 1 Solaris | 2024-02-04 | 5.0 MEDIUM | N/A |
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged. | |||||
CVE-2002-0600 | 2 Kth, Luke Mewburn | 2 Kth Kerberos, Lukemftp | 2024-02-04 | 7.5 HIGH | N/A |
Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request. | |||||
CVE-2001-0065 | 1 Max-wilhelm Bruker | 1 Bftpd | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command. | |||||
CVE-2003-0598 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0657. Reason: This candidate is a reservation duplicate of CVE-2003-0657. Notes: All CVE users should reference CVE-2003-0657 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2002-1656 | 1 Xqus | 1 X-news | 2024-02-04 | 7.5 HIGH | N/A |
X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie. | |||||
CVE-2003-1417 | 1 Ncipher | 1 Support Software | 2024-02-04 | 4.4 MEDIUM | N/A |
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files. | |||||
CVE-2002-2269 | 1 Webster | 1 Webster Http Server | 2024-02-04 | 9.4 HIGH | N/A |
Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
CVE-2001-0113 | 1 Omnicron | 1 Omnihttpd | 2024-02-04 | 10.0 HIGH | N/A |
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script. | |||||
CVE-2002-1506 | 1 Jacques Gelinas | 1 Linuxconf | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated. | |||||
CVE-2001-0010 | 1 Isc | 1 Bind | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges. | |||||
CVE-2001-1426 | 1 Alcatel | 1 Speed Touch Home | 2024-02-04 | 7.5 HIGH | N/A |
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations. | |||||
CVE-2003-1243 | 1 Sage | 1 Sage | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter. | |||||
CVE-2022-26496 | 3 Debian, Fedoraproject, Network Block Device Project | 3 Debian Linux, Fedora, Network Block Device | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name. | |||||
CVE-2022-26495 | 3 Debian, Fedoraproject, Network Block Device Project | 3 Debian Linux, Fedora, Network Block Device | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. |