Total
91541 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1572 | 1 Aj-fork | 1 Aj-fork | 2023-12-10 | 5.0 MEDIUM | N/A |
AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request. | |||||
CVE-2002-1406 | 1 Hp | 1 Hp-ux | 2023-12-10 | 7.2 HIGH | N/A |
Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior." | |||||
CVE-2001-0781 | 1 Pi-soft | 1 Spoonftp | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST. | |||||
CVE-1999-0842 | 1 Symantec | 1 Mail-gear | 2023-12-10 | 5.0 MEDIUM | N/A |
Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-2004-1900 | 1 Pan Vision | 1 I.g.i-2 Covert Strike | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerability in the logging function in IGI 2 Covert Strike server 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in RCON commands. | |||||
CVE-2000-0933 | 1 Microsoft | 1 Windows 2000 | 2023-12-10 | 4.6 MEDIUM | N/A |
The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability. | |||||
CVE-2004-2175 | 1 All Enthusiast Inc | 1 Reviewpost Php Pro | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php. | |||||
CVE-2004-1535 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2002-0287 | 1 Powie | 1 Pforum | 2023-12-10 | 10.0 HIGH | N/A |
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default. | |||||
CVE-1999-0786 | 1 Sun | 2 Solaris, Sunos | 2023-12-10 | 4.6 MEDIUM | N/A |
The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. | |||||
CVE-2002-1062 | 1 T. Hauck | 1 Jana Web Server | 2023-12-10 | 7.5 HIGH | N/A |
Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to execute arbitrary code via long (1) Username, (2) Password, or (3) Hostname entries. | |||||
CVE-2002-0978 | 1 Microsoft | 1 File Transfer Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function. | |||||
CVE-2002-1866 | 1 Sws | 1 Sws Simple Web Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descriptors for 404 error messages, which could allow remote attackers to cause a denial of service (file descriptor exhaustion) via multiple requests for pages that do not exist. | |||||
CVE-2003-0929 | 1 Clearswift | 1 Mailsweeper | 2023-12-10 | 7.5 HIGH | N/A |
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy. | |||||
CVE-2000-0247 | 1 Gnqs | 1 Gnqs | 2023-12-10 | 7.2 HIGH | N/A |
Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges. | |||||
CVE-1999-1057 | 1 Digital | 1 Vms | 2023-12-10 | 4.6 MEDIUM | N/A |
VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. | |||||
CVE-2004-1891 | 1 Sgi | 1 Irix | 2023-12-10 | 5.0 MEDIUM | N/A |
The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged. | |||||
CVE-2002-2050 | 1 Modlogan | 1 Modlogan | 2023-12-10 | 2.1 LOW | N/A |
Directory traversal vulnerability in processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry. | |||||
CVE-2004-1550 | 1 Motorola | 1 Wr850g | 2023-12-10 | 7.5 HIGH | N/A |
Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on. | |||||
CVE-2003-0492 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter. |