Total: 90914 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0588 | 1 Digi-fx | 1 Digi-news | 2023-12-10 | 10.0 HIGH | N/A |
admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password. | |||||
CVE-2004-2009 | 1 Adam Webb | 1 Nukejokes | 2023-12-10 | 5.0 MEDIUM | N/A |
NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via (1) a direct call to mainfunctions.php, (2) an invalid jokeid parameter in a JokeView function or (3) an invalid cat parameter in a CatView function, which reveals the path in a PHP error message. | |||||
CVE-1999-0155 | 1 Aladdin Enterprises | 1 Ghostscript | 2023-12-10 | 7.5 HIGH | N/A |
The ghostscript command with the -dSAFER option allows remote attackers to execute commands. | |||||
CVE-2001-0346 | 1 Microsoft | 1 Windows 2000 | 2023-12-10 | 5.0 MEDIUM | N/A |
Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them. | |||||
CVE-2003-1543 | 1 Bajie | 1 Java Http Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message. | |||||
CVE-2003-0087 | 1 National Language Support | 1 Libim | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm. | |||||
CVE-2000-1165 | 1 Balabit | 1 Syslog-ng | 2023-12-10 | 5.0 MEDIUM | N/A |
Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier. | |||||
CVE-2004-0274 | 1 Eggheads | 1 Eggdrop Irc Bot | 2023-12-10 | 7.5 HIGH | N/A |
Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities. | |||||
CVE-2004-0078 | 1 Mutt | 1 Mutt | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages. | |||||
CVE-2000-1064 | 1 Hp | 1 Jetdirect | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
CVE-2004-1686 | 1 Microsoft | 1 Ie | 2023-12-10 | 5.0 MEDIUM | N/A |
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin. | |||||
CVE-2002-1623 | 1 Checkpoint | 1 Vpn-1 Firewall-1 | 2023-12-10 | 5.0 MEDIUM | N/A |
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote. | |||||
CVE-2002-0509 | 1 Oracle | 1 Oracle9i | 2023-12-10 | 5.0 MEDIUM | N/A |
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521. | |||||
CVE-2002-2293 | 1 Twofold Photos | 1 Webshots Desktop | 2023-12-10 | 4.6 MEDIUM | N/A |
Webshots Desktop screensaver allows local users to bypass the password on the screensaver by pressing CTRL-ALT-DELETE and (1) hitting the cancel button or (2) killing the screensaver from the task manager. | |||||
CVE-2002-2258 | 1 Mobydisk | 1 Netsuite | 2023-12-10 | 5.0 MEDIUM | N/A |
Moby NetSuite allows remote attackers to cause a denial of service (crash) via an HTTP POST request with a (1) large integer or (2) non-numeric value in the Content-Length header, which causes an access violation after a failed atoi function call. | |||||
CVE-2003-1312 | 1 Netegrity | 1 Siteminder | 2023-12-10 | 4.3 MEDIUM | N/A |
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods. | |||||
CVE-2004-1517 | 1 Zonelabs | 1 Imsecure | 2023-12-10 | 7.5 HIGH | N/A |
Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions. | |||||
CVE-2003-0012 | 1 Mozilla | 1 Bugzilla | 2023-12-10 | 2.1 LOW | N/A |
The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data. | |||||
CVE-2003-1336 | 1 Mirc | 1 Mirc | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL. | |||||
CVE-2004-1889 | 1 Sgi | 1 Irix | 2023-12-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows. |