Total: 91473 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0115 | 1 Martin Roesch | 1 Snort | 2023-12-10 | 5.0 MEDIUM | N/A |
Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet. | |||||
CVE-2001-0119 | 3 Immunix, Mandrakesoft, Redhat | 3 Immunix, Mandrake Linux, Linux | 2023-12-10 | 1.2 LOW | N/A |
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2004-0610 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2023-12-10 | 5.0 MEDIUM | N/A |
The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections. | |||||
CVE-2001-1389 | 1 Xinetd | 1 Xinetd | 2023-12-10 | 7.5 HIGH | N/A |
Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination. | |||||
CVE-2002-1599 | 1 Daniel Barron | 1 Dansguardian | 2023-12-10 | 7.5 HIGH | N/A |
DansGuardian before 2.4.5-1 allows remote attackers to bypass content filtering rules via hex-encoded URLs. | |||||
CVE-2002-0564 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials. | |||||
CVE-2002-1150 | 1 Microsoft | 1 Netmeeting | 2023-12-10 | 4.6 MEDIUM | N/A |
The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document. | |||||
CVE-1999-0273 | 1 Sun | 1 Sunos | 2023-12-10 | 5.0 MEDIUM | N/A |
Denial of service through Solaris 2.5.1 telnet by sending ^D characters. | |||||
CVE-2001-1098 | 1 Cisco | 1 Pix Firewall Manager | 2023-12-10 | 2.1 LOW | N/A |
Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file. | |||||
CVE-2004-1414 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2023-12-10 | 5.0 MEDIUM | N/A |
Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images. | |||||
CVE-2002-0904 | 1 Kismet | 1 Kismet | 2023-12-10 | 7.5 HIGH | N/A |
SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument. | |||||
CVE-1999-0422 | 1 Netbsd | 1 Netbsd | 2023-12-10 | 4.6 MEDIUM | N/A |
In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set. | |||||
CVE-2003-1034 | 1 Sap | 1 Sap Db | 2023-12-10 | 4.6 MEDIUM | N/A |
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs. | |||||
CVE-2003-1490 | 1 Sonicwall | 3 Pro100, Pro200, Pro300 | 2023-12-10 | 7.8 HIGH | N/A |
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. | |||||
CVE-2003-1460 | 1 Ralf Hoffmann | 1 Worker Filemanager | 2023-12-10 | 3.6 LOW | N/A |
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information. | |||||
CVE-2004-0106 | 2 Openbsd, Xfree86 Project | 2 Openbsd, X11r6 | 2023-12-10 | 7.2 HIGH | N/A |
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084. | |||||
CVE-2001-1521 | 1 Postnuke Software Foundation | 1 Postnuke | 2023-12-10 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter. | |||||
CVE-2004-2134 | 1 Oracle | 1 Application Server | 2023-12-10 | 4.6 MEDIUM | N/A |
Oracle TopLink Mapping Workbench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. | |||||
CVE-2004-2097 | 1 Suse | 1 Suse Linux | 2023-12-10 | 2.1 LOW | N/A |
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd. | |||||
CVE-2002-1921 | 1 Oracle | 1 Mysql | 2023-12-10 | 7.5 HIGH | N/A |
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does not set the bind address to the loopback interface, which allows remote attackers to connect to the database. |