Total
5243 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2407 | 1 Qnx | 1 Rtos | 2023-12-10 | 6.9 MEDIUM | N/A |
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed. | |||||
CVE-2002-2401 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2023-12-10 | 3.6 LOW | N/A |
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs. | |||||
CVE-2003-1524 | 1 Pgpi | 1 Pgpdisk | 2023-12-10 | 6.3 MEDIUM | N/A |
PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition. | |||||
CVE-2002-0013 | 1 Snmp | 1 Snmp | 2023-12-10 | 10.0 HIGH | N/A |
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | |||||
CVE-2000-0844 | 13 Caldera, Conectiva, Debian and 10 more | 16 Openlinux, Openlinux Ebuilder, Openlinux Eserver and 13 more | 2023-12-10 | 10.0 HIGH | N/A |
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. | |||||
CVE-2002-2302 | 1 3d3.com | 1 Shopfactory | 2023-12-10 | 6.4 MEDIUM | N/A |
3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field. | |||||
CVE-2003-1383 | 1 Logicworks | 1 Web Erp | 2023-12-10 | 7.5 HIGH | N/A |
WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password. | |||||
CVE-1999-0344 | 1 Microsoft | 1 Windows Nt | 2023-12-10 | 7.2 HIGH | N/A |
NT users can gain debug-level access on a system process using the Sechole exploit. | |||||
CVE-2002-1877 | 1 Netgear | 1 Fm114p | 2023-12-10 | 7.5 HIGH | N/A |
NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname. | |||||
CVE-2002-2311 | 2 Microsoft, Opera Software | 2 Internet Explorer, Opera Web Browser | 2023-12-10 | 6.4 MEDIUM | N/A |
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. | |||||
CVE-2003-1378 | 1 Microsoft | 2 Outlook, Outlook Express | 2023-12-10 | 8.8 HIGH | N/A |
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. | |||||
CVE-2002-2283 | 1 Microsoft | 1 Windows Xp | 2023-12-10 | 1.9 LOW | N/A |
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users. | |||||
CVE-2002-2254 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | N/A |
The experimental IP packet queuing feature in Netfilter / IPTables in Linux kernel 2.4 up to 2.4.19 and 2.5 up to 2.5.31, when a privileged process exits and network traffic is not being queued, may allow a later process with the same Process ID (PID) to access certain network traffic that would otherwise be restricted. | |||||
CVE-2003-1515 | 1 Origo | 2 Asr-8100, Asr-8400 | 2023-12-10 | 7.8 HIGH | N/A |
Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults. | |||||
CVE-1999-0777 | 1 Microsoft | 2 Commercial Internet System, Internet Information Server | 2023-12-10 | 7.5 HIGH | N/A |
IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. | |||||
CVE-2002-2425 | 1 Sun | 1 Solaris Answerbook2 | 2023-12-10 | 10.0 HIGH | N/A |
Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request. | |||||
CVE-2003-1460 | 1 Ralf Hoffmann | 1 Worker Filemanager | 2023-12-10 | 3.6 LOW | N/A |
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information. | |||||
CVE-1999-1011 | 1 Microsoft | 4 Data Access Components, Index Server, Internet Information Server and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. | |||||
CVE-2003-1026 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | |||||
CVE-2002-2363 | 1 Hp | 1 Hp-ux | 2023-12-10 | 7.2 HIGH | N/A |
VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges. |