Total: 91375 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0970 | 1 Omnicron | 1 Omnihttpd | 2023-12-10 | 5.0 MEDIUM | N/A |
The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created. | |||||
CVE-2000-0967 | 1 Php | 1 Php | 2023-12-10 | 10.0 HIGH | N/A |
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs. | |||||
CVE-2003-0402 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2023-12-10 | 5.0 MEDIUM | N/A |
The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks. | |||||
CVE-2001-1341 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Embedded-webserver | 2023-12-10 | 5.0 MEDIUM | N/A |
The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program. | |||||
CVE-2002-1168 | 1 Ibm | 1 Websphere Caching Proxy Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response. | |||||
CVE-1999-1147 | 1 Platinum | 1 Policy Compliance Manager | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe. | |||||
CVE-1999-1162 | 1 Sco | 2 Open Desktop, Unix | 2023-12-10 | 6.4 MEDIUM | N/A |
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. | |||||
CVE-2003-0914 | 9 Compaq, Freebsd, Hp and 6 more | 10 Tru64, Freebsd, Hp-ux and 7 more | 2023-12-10 | 4.3 MEDIUM | N/A |
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. | |||||
CVE-1999-0077 | 1 Microsoft | 1 Windows Nt | 2023-12-10 | 5.0 MEDIUM | N/A |
Predictable TCP sequence numbers allow spoofing. | |||||
CVE-1999-1585 | 1 Sun | 1 Sunos | 2023-12-10 | 7.2 HIGH | N/A |
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges. | |||||
CVE-2002-1081 | 1 Aprelium Technologies | 1 Abyss Web Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a "+" character. | |||||
CVE-2003-0945 | 1 Sap | 1 Sap Db | 2023-12-10 | 7.5 HIGH | N/A |
The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities. | |||||
CVE-2002-2329 | 1 Mirabilis | 1 Icq | 2023-12-10 | 7.8 HIGH | N/A |
ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons. | |||||
CVE-2003-0768 | 1 Microsoft | 1 Asp.net | 2023-12-10 | 6.8 MEDIUM | N/A |
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name. | |||||
CVE-2000-0994 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 7.2 HIGH | N/A |
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable. | |||||
CVE-2002-1947 | 1 Webmin | 1 Webmin | 2023-12-10 | 6.4 MEDIUM | N/A |
Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or hijack the SSL session. | |||||
CVE-2001-0431 | 1 Iplanet | 1 Iplanet Web Server | 2023-12-10 | 10.0 HIGH | N/A |
Vulnerability in iPlanet Web Server Enterprise Edition 4.x. | |||||
CVE-2002-0335 | 1 Galacticomm Technologies | 2 Worldgroup, Worldgroup Lite Personal Server | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request. | |||||
CVE-2001-1558 | 1 Snort | 1 Snort | 2023-12-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 allows attackers to cause a denial of service (crash). | |||||
CVE-2001-1044 | 1 Basilix | 1 Basilix Webmail | 2023-12-10 | 7.5 HIGH | N/A |
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allow remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file. |