Total: 28646 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2003-0126 | 1 Multitech | 1 Routefinder 550 Vpn | 2023-12-10 | 7.5 HIGH | N/A | The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities. |
CVE-2002-2103 | 1 Apache | 1 Http Server | 2023-12-10 | 5.0 MEDIUM | N/A | Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities. |
CVE-1999-0351 | 1 Ftp | 1 Ftp Pasv | 2023-12-10 | 6.4 MEDIUM | N/A | FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client. |
CVE-1999-0135 | 1 Sun | 2 Solaris, Sunos | 2023-12-10 | 7.2 HIGH | N/A | admintool in Solaris allows a local user to write to arbitrary files and gain root access. |
CVE-2004-1684 | 1 Zyxel | 2 Prestige, Zynos | 2023-12-10 | 5.0 MEDIUM | N/A | Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network. |
CVE-2002-0516 | 1 Squirrelmail | 1 Squirrelmail | 2023-12-10 | 10.0 HIGH | N/A | SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie. |
CVE-2000-0925 | 1 Smartwin Technology | 1 Cyberoffice Shopping Cart | 2023-12-10 | 5.0 MEDIUM | N/A | The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information. |
CVE-2004-1673 | 1 Icewarp | 1 Web Mail | 2023-12-10 | 7.5 HIGH | N/A | accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter. |
CVE-2002-1973 | 2 Microsoft, Working Resources Inc. | 2 Foundation Class Library, Badblue | 2023-12-10 | 7.5 HIGH | N/A | Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error. |
CVE-2001-1272 | 1 Wliang | 1 Wmtv | 2023-12-10 | 4.6 MEDIUM | N/A | wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option. |
CVE-2003-1136 | 1 Chi Kien Uong | 1 Chi Kien Uong Guestbook | 2023-12-10 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL. |
CVE-2000-0914 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 5.0 MEDIUM | N/A | OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests. |
CVE-2002-1521 | 1 Mdg Computer Services | 1 Web Server 4d | 2023-12-10 | 2.1 LOW | N/A | Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges. |
CVE-2004-0414 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2023-12-10 | 10.0 HIGH | N/A | CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. |
CVE-2002-1833 | 1 Xerox | 2 Docutech 6110, Docutech 6115 | 2023-12-10 | 7.5 HIGH | N/A | The default configurations for DocuTech 6110 and DocuTech 6115 have a default administrative password of (1) "service!" on Solaris 8.0 or (2) "administ" on Windows NT, which allows remote attackers to gain privileges. |
CVE-1999-1506 | 1 Sun | 1 Sunos | 2023-12-10 | 7.5 HIGH | N/A | Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin. |
CVE-1999-1399 | 1 Sgi | 1 Irix | 2023-12-10 | 7.2 HIGH | N/A | spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed. |
CVE-2000-0210 | 1 Sun | 1 Workshop | 2023-12-10 | 1.2 LOW | N/A | The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files. |
CVE-2004-2234 | 1 Moodle | 1 Moodle | 2023-12-10 | 7.5 HIGH | N/A | Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. |
CVE-2002-1381 | 1 University Of Cambridge | 1 Exim | 2023-12-10 | 7.2 HIGH | N/A | Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value. |