Total
262 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2263 | 1 Hp | 2 Hp-ux, Visualize Conference Ftp | 2023-12-10 | 6.6 MEDIUM | N/A |
The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files. | |||||
CVE-2003-1452 | 1 Qualcomm | 1 Qpopper | 2023-12-10 | 3.6 LOW | N/A |
Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program. | |||||
CVE-2002-2335 | 1 John Drake | 1 Killer Protection | 2023-12-10 | 5.0 MEDIUM | N/A |
Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php. | |||||
CVE-1999-0886 | 1 Microsoft | 1 Windows Nt | 2023-12-10 | 9.0 HIGH | N/A |
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager. | |||||
CVE-2003-1341 | 1 Trend Micro | 2 Officescan, Virus Buster | 2023-12-10 | 7.5 HIGH | N/A |
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe. | |||||
CVE-2002-2280 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 2.1 LOW | N/A |
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server. | |||||
CVE-2003-1352 | 1 Gabber | 1 Gabber | 2023-12-10 | 5.0 MEDIUM | N/A |
Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing. | |||||
CVE-2003-1357 | 2 Microsoft, Replicom | 2 Windows Nt, Proxyview | 2023-12-10 | 10.0 HIGH | N/A |
ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. | |||||
CVE-2003-1491 | 1 Kerio | 1 Personal Firewall | 2023-12-10 | 7.5 HIGH | N/A |
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. | |||||
CVE-2003-1426 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.3 LOW | N/A |
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable. | |||||
CVE-2002-2331 | 1 Cascadesoft | 1 W3mail | 2023-12-10 | 5.8 MEDIUM | N/A |
W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments. | |||||
CVE-1999-0701 | 1 Microsoft | 1 Windows Nt | 2023-12-10 | 7.2 HIGH | N/A |
After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. | |||||
CVE-2002-2247 | 1 Mambo | 1 Mambo Site Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function. | |||||
CVE-2003-1362 | 1 Hp | 2 Bastille, Hp-ux | 2023-12-10 | 7.8 HIGH | N/A |
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases. | |||||
CVE-1999-0656 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 5.0 MEDIUM | N/A |
The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. | |||||
CVE-2003-1449 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2023-12-10 | 7.5 HIGH | N/A |
Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection. | |||||
CVE-1999-0875 | 2 Microsoft, Sun | 5 Windows 2000, Windows 95, Windows 98se and 2 more | 2023-12-10 | 7.5 HIGH | N/A |
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes. | |||||
CVE-2003-1457 | 1 Auerswald | 1 Comsuite Cti Controlcenter | 2023-12-10 | 4.6 MEDIUM | N/A |
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. | |||||
CVE-2002-2234 | 1 Netscreen | 1 Screenos | 2023-12-10 | 4.3 MEDIUM | N/A |
NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the Malicious-URL blocking feature by splitting the URL into fragmented IP requests. | |||||
CVE-2004-0605 | 2 Ircd-hybrid, Ircd-ratbox | 2 Ircd-hybrid, Ircd-ratbox | 2023-12-10 | 5.0 MEDIUM | N/A |
Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly making requests, which are slowly dequeued. |