Total
28647 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0701 | 1 Sun | 1 Sunvts | 2023-12-10 | 7.2 HIGH | N/A |
| Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument. | |||||
| CVE-2002-1178 | 1 Jetty | 1 Jetty Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory. | |||||
| CVE-2000-0448 | 1 Network Associates | 1 Webshield | 2023-12-10 | 5.0 MEDIUM | N/A |
| The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command. | |||||
| CVE-1999-0080 | 1 Washington University | 1 Wu-ftpd | 2023-12-10 | 10.0 HIGH | N/A |
| Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command. | |||||
| CVE-2001-1283 | 1 Ipswitch | 1 Imail | 2023-12-10 | 7.5 HIGH | N/A |
| The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code. | |||||
| CVE-2002-0504 | 1 Citrix | 1 Nfuse | 2023-12-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. | |||||
| CVE-2003-1226 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 2.1 LOW | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords. | |||||
| CVE-2000-0189 | 1 Allaire | 1 Coldfusion Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. | |||||
| CVE-2001-0900 | 1 Francisco Burzi | 1 Gallery | 2023-12-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter. | |||||
| CVE-2002-0125 | 1 Clanlib | 1 Clanlib | 2023-12-10 | 7.2 HIGH | N/A |
| Buffer overflow in ClanLib library 0.5 may allow local users to execute arbitrary code in games that use the library, such as (1) Super Methane Brothers, (2) Star War, (3) Kwirk, (4) Clankanoid, and others, via a long HOME environment variable. | |||||
| CVE-2003-0379 | 1 Apple | 1 Afp Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files. | |||||
| CVE-2001-1527 | 1 Easyscripts | 1 Easynews | 2023-12-10 | 2.1 LOW | N/A |
| easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access. | |||||
| CVE-2003-0348 | 1 Microsoft | 1 Windows Media Player | 2023-12-10 | 6.4 MEDIUM | N/A |
| A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script. | |||||
| CVE-2002-2011 | 1 Jon Howell | 1 Faq-o-matic | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.cgi) in Faq-O-Matic 2.711 and 2.712 allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2004-0315 | 1 Avirt | 1 Voice | 2023-12-10 | 10.0 HIGH | N/A |
| Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long GET request on port 1080. | |||||
| CVE-2003-1319 | 1 Smartftp | 1 Smartftp | 2023-12-10 | 7.6 HIGH | N/A |
| Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow. | |||||
| CVE-2003-0069 | 1 Putty | 1 Putty | 2023-12-10 | 7.5 HIGH | N/A |
| The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
| CVE-2002-0075 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | |||||
| CVE-2000-1204 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root. | |||||
| CVE-2002-1749 | 1 Microsoft | 1 Windows 2000 | 2023-12-10 | 7.2 HIGH | N/A |
| Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges. | |||||