Total
249001 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0512 | 1 Cisco | 1 Ios | 2023-12-10 | 5.0 MEDIUM | N/A |
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge. | |||||
CVE-2002-2034 | 1 John Hardin | 1 Procmail Email Sanitizer | 2023-12-10 | 7.5 HIGH | N/A |
The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments. | |||||
CVE-2002-0520 | 1 Asp-nuke | 1 Asp-nuke | 2023-12-10 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag. | |||||
CVE-2001-1535 | 1 Open Source Development Network | 1 Slashcode | 2023-12-10 | 4.6 MEDIUM | N/A |
Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack. | |||||
CVE-1999-0262 | 1 Renaud Deraison | 1 Faxsurvey | 2023-12-10 | 7.5 HIGH | N/A |
Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | |||||
CVE-2003-1533 | 1 Phppass | 1 Phppass | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. | |||||
CVE-2000-1167 | 1 Freebsd | 1 Freebsd | 2023-12-10 | 7.5 HIGH | N/A |
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system. | |||||
CVE-2002-0158 | 1 Sun | 2 Solaris, Sunos | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. | |||||
CVE-2002-0286 | 1 Sitenews | 1 Sitenews | 2023-12-10 | 7.5 HIGH | N/A |
The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user. | |||||
CVE-2001-1296 | 1 Marc Logemann | 1 More.groupware | 2023-12-10 | 5.0 MEDIUM | N/A |
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
CVE-2001-1007 | 1 Starfish | 1 Truesync Desktop | 2023-12-10 | 5.0 MEDIUM | N/A |
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack. | |||||
CVE-2000-0228 | 1 Microsoft | 1 Windows Media Rights Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability. | |||||
CVE-2004-1526 | 1 New Media Generation | 1 Hired Team Trial | 2023-12-10 | 7.5 HIGH | N/A |
Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator. | |||||
CVE-2003-1405 | 1 Dotbr | 1 Botbr | 2023-12-10 | 7.5 HIGH | N/A |
DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3. | |||||
CVE-2003-1040 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | N/A |
kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod. | |||||
CVE-2000-0970 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2023-12-10 | 7.5 HIGH | N/A |
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | |||||
CVE-2004-1540 | 1 Zyxel | 2 Prestige, Zynos | 2023-12-10 | 5.0 MEDIUM | N/A |
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, do not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file. | |||||
CVE-2002-1295 | 1 Microsoft | 1 Java Virtual Machine | 2023-12-10 | 7.5 HIGH | N/A |
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability." | |||||
CVE-2002-0484 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | N/A |
move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. | |||||
CVE-2004-0661 | 1 D-link | 3 Di-604, Di-614\+, Di-624 | 2023-12-10 | 5.0 MEDIUM | N/A |
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. |