Total: 91560 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0459 | 2 Kde, Redhat | 8 Konqueror, Konqueror Embedded, Analog Real-time Synthesizer and 5 more | 2023-12-10 | 5.0 MEDIUM | N/A |
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. | |||||
CVE-2003-1535 | 1 Justice Media | 1 Guestbook | 2023-12-10 | 5.0 MEDIUM | N/A |
Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. | |||||
CVE-1999-1124 | 1 Allaire | 1 Coldfusion | 2023-12-10 | 7.5 HIGH | N/A |
HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host. | |||||
CVE-2003-1245 | 1 Mambo | 1 Mambo Site Server | 2023-12-10 | 10.0 HIGH | N/A |
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. | |||||
CVE-1999-0303 | 4 Digital, Netbsd, Openbsd and 1 more | 5 Osf 1, Netbsd, Openbsd and 2 more | 2023-12-10 | 4.6 MEDIUM | N/A |
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. | |||||
CVE-2003-1457 | 1 Auerswald | 1 Comsuite Cti Controlcenter | 2023-12-10 | 4.6 MEDIUM | N/A |
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. | |||||
CVE-2003-0153 | 1 Mozilla | 1 Bonsai | 2023-12-10 | 5.0 MEDIUM | N/A |
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi. | |||||
CVE-2003-0823 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | |||||
CVE-2002-1138 | 1 Microsoft | 2 Data Engine, Sql Server | 2023-12-10 | 7.5 HIGH | N/A |
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs." | |||||
CVE-2004-1750 | 1 Vnc | 1 Realvnc | 2023-12-10 | 5.0 MEDIUM | N/A |
RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900. | |||||
CVE-1999-1123 | 1 Sun | 1 Sunos | 2023-12-10 | 7.2 HIGH | N/A |
The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall. | |||||
CVE-2002-2168 | 1 Thorsten Korner | 1 123tkshop | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including function_describe_item1.inc.php. | |||||
CVE-2000-1228 | 1 Phorum | 1 Phorum | 2023-12-10 | 5.0 MEDIUM | N/A |
Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables. | |||||
CVE-2004-0188 | 1 Calife | 1 Calife | 2023-12-10 | 7.2 HIGH | N/A |
Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password. | |||||
CVE-2000-0271 | 1 Gnu | 1 Emacs | 2023-12-10 | 4.6 MEDIUM | N/A |
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords. | |||||
CVE-1999-1452 | 1 Microsoft | 1 Windows Nt | 2023-12-10 | 2.1 LOW | N/A |
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt. | |||||
CVE-2003-1009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 10.0 HIGH | N/A |
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges. | |||||
CVE-2002-1519 | 2 Rapidstream, Watchguard | 2 Rapidstream, Firebox | 2023-12-10 | 10.0 HIGH | N/A |
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter. | |||||
CVE-2002-0477 | 1 Macromedia | 1 Flash Player | 2023-12-10 | 7.5 HIGH | N/A |
Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand. | |||||
CVE-2000-0452 | 1 Lotus | 2 Domino Enterprise Server, Domino Mail Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command. |