Total
250626 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0038 | 1 Gnu | 1 Mailman | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters. | |||||
CVE-2004-1062 | 1 Viewcvs | 1 Viewcvs | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages. | |||||
CVE-1999-0537 | 2 Microsoft, Netscape | 2 Internet Explorer, Communicator | 2023-12-10 | 7.5 HIGH | N/A |
A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. | |||||
CVE-2001-0525 | 1 Suse | 1 Suse Linux | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument. | |||||
CVE-2003-0968 | 1 Freeradius | 1 Freeradius | 2023-12-10 | 10.0 HIGH | N/A |
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute. | |||||
CVE-2004-2067 | 1 Jaws | 1 Jaws | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters. | |||||
CVE-2004-0767 | 1 Ngsec | 1 Stackdefender | 2023-12-10 | 5.0 MEDIUM | N/A |
NGSEC StackDefender 1.10 allows attackers to cause a denial of service (system crash) via an invalid address for the ObjectAttribues parameter to the hooks for the (1) ZwCreateFile or (2) ZwOpenFile functions. | |||||
CVE-2000-0151 | 1 Gnu | 1 Make | 2023-12-10 | 6.2 MEDIUM | N/A |
GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. | |||||
CVE-2001-0303 | 1 Pi3 | 1 Pi3web | 2023-12-10 | 5.0 MEDIUM | N/A |
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file. | |||||
CVE-2002-2035 | 1 Realityscape | 1 Mylogin 2000 | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password in the login form. | |||||
CVE-2004-0722 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2023-12-10 | 10.0 HIGH | N/A |
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. | |||||
CVE-2002-1079 | 1 Aprelium Technologies | 1 Abyss Web Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request. | |||||
CVE-2004-1707 | 1 Oracle | 5 Application Server, Application Server Portal, Database Server Lite and 2 more | 2023-12-10 | 7.2 HIGH | N/A |
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. | |||||
CVE-2002-1452 | 1 Mywebserver | 1 Mywebserver | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter. | |||||
CVE-1999-0812 | 1 Samba | 1 Samba | 2023-12-10 | 7.6 HIGH | N/A |
Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. | |||||
CVE-1999-1055 | 1 Microsoft | 1 Excel | 2023-12-10 | 7.5 HIGH | N/A |
Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability." | |||||
CVE-2004-2116 | 1 Tinyserver | 1 Tinyserver | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL. | |||||
CVE-2000-0373 | 1 Kde | 1 Kvt | 2023-12-10 | 7.2 HIGH | N/A |
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges. | |||||
CVE-2002-1888 | 1 Commonname | 1 Commonname Toolbar | 2023-12-10 | 2.1 LOW | N/A |
CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names. | |||||
CVE-2003-1541 | 1 Planetmoon | 1 Guestbook | 2023-12-10 | 5.0 MEDIUM | N/A |
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt. |