Total
28647 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0427 | 1 Aladdin Knowledge Systems | 1 Etoken | 2023-12-10 | 4.6 MEDIUM | N/A |
The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM. | |||||
CVE-2001-0284 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option. | |||||
CVE-2002-0568 | 1 Oracle | 3 Application Server, Oracle8i, Oracle9i | 2023-12-10 | 2.1 LOW | N/A |
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory. | |||||
CVE-1999-0231 | 1 Seattle Lab Software | 1 Slmail | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 packages using a long VRFY command, causing a denial of service and possibly remote access. | |||||
CVE-2002-1719 | 1 Bavo | 1 Bavo | 2023-12-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages. | |||||
CVE-2003-0521 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens. | |||||
CVE-2003-1112 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2023-12-10 | 7.5 HIGH | N/A |
The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
CVE-2002-0858 | 1 Oracle | 2 Oracle8i, Oracle9i | 2023-12-10 | 7.5 HIGH | N/A |
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges. | |||||
CVE-2002-1581 | 2 Debian, Mailreader.com | 2 Debian Linux, Mailreader.com | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter. | |||||
CVE-2003-0818 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings. | |||||
CVE-2002-0815 | 3 Microsoft, Mozilla, Netscape | 3 Internet Explorer, Mozilla, Navigator | 2023-12-10 | 7.5 HIGH | N/A |
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain. | |||||
CVE-2001-1322 | 1 Xinetd | 1 Xinetd | 2023-12-10 | 3.6 LOW | N/A |
xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask. | |||||
CVE-2002-1772 | 1 Novell | 1 Netware | 2023-12-10 | 4.6 MEDIUM | N/A |
Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password. | |||||
CVE-2004-1379 | 1 Xine | 2 Xine, Xine-lib | 2023-12-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field. | |||||
CVE-1999-0641 | 2023-12-10 | N/A | N/A | ||
The UUCP service is running. | |||||
CVE-2002-0949 | 1 Telindus | 1 Adsl Router | 2023-12-10 | 7.5 HIGH | N/A |
Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext. | |||||
CVE-1999-0248 | 1 Ssh | 1 Ssh | 2023-12-10 | 10.0 HIGH | N/A |
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. | |||||
CVE-2004-0232 | 4 Gentoo, Midnight Commander, Sgi and 1 more | 4 Linux, Midnight Commander, Propack and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
CVE-2001-0935 | 1 Washington University | 1 Wu-ftpd | 2023-12-10 | 7.5 HIGH | N/A |
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550. | |||||
CVE-2004-1677 | 1 Logicnow | 1 Perldesk | 2023-12-10 | 5.0 MEDIUM | N/A |
pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message. |