Total
28647 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0097 | 1 Openh323 Project | 1 Pwlib | 2023-12-10 | 10.0 HIGH | N/A |
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | |||||
CVE-2000-1034 | 1 Microsoft | 1 Windows 2000 | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability. | |||||
CVE-2004-2096 | 1 Mephistoles Internet Suite | 1 Mephistoles Httpd | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL. | |||||
CVE-2004-0538 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.5 HIGH | N/A |
LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user. | |||||
CVE-1999-0740 | 1 Redhat | 1 Linux | 2023-12-10 | 6.4 MEDIUM | N/A |
Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable. | |||||
CVE-2003-1276 | 1 Nettelephone | 1 Nettelephone | 2023-12-10 | 4.6 MEDIUM | N/A |
Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts. | |||||
CVE-2000-1173 | 1 Microsys | 1 Cyberpatrol | 2023-12-10 | 5.0 MEDIUM | N/A |
Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information. | |||||
CVE-2000-0955 | 1 Cisco | 1 Virtual Central Office 4000 | 2023-12-10 | 7.5 HIGH | N/A |
Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges. | |||||
CVE-2004-0997 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors. | |||||
CVE-2001-1235 | 1 Derek Leung | 1 Pslash | 2023-12-10 | 7.5 HIGH | N/A |
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable. | |||||
CVE-2003-1327 | 2 Linux, Washington University | 2 Linux Kernel, Wu-ftpd | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator. | |||||
CVE-2000-1098 | 1 Sonicwall | 1 Soho Firewall | 2023-12-10 | 5.0 MEDIUM | N/A |
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request. | |||||
CVE-2002-2144 | 1 Free Peers | 1 Bearshare | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows remote attackers to read files outside of the web root by hex-encoding the "/" (forward slash) or "." (dot) characters. | |||||
CVE-2002-0160 | 1 Cisco | 1 Secure Access Control Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. | |||||
CVE-2000-0906 | 1 Moreover.com | 1 Cached Feed.cgi Script | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters. | |||||
CVE-2000-0229 | 4 Alessandro Rubini, Debian, Redhat and 1 more | 4 Gpm, Debian Linux, Linux and 1 more | 2023-12-10 | 7.2 HIGH | N/A |
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. | |||||
CVE-2002-0794 | 1 Freebsd | 1 Freebsd | 2023-12-10 | 5.0 MEDIUM | N/A |
The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue. | |||||
CVE-2002-1659 | 1 Iatek | 1 Portalapp | 2023-12-10 | 10.0 HIGH | N/A |
user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable. | |||||
CVE-2001-1146 | 1 Lee Herron | 1 Allcommerce | 2023-12-10 | 1.2 LOW | N/A |
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack. | |||||
CVE-2000-0397 | 1 Seattle Lab Software | 1 Emurl | 2023-12-10 | 5.0 MEDIUM | N/A |
The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account. |