Total: 246948 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0664 | | | 2023-12-10 | 10.0 HIGH | N/A |
An application-critical Windows NT registry key has inappropriate permissions. | |||||
CVE-2000-1147 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 4.6 MEDIUM | N/A |
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag. | |||||
CVE-1999-1299 | 2 Redhat, Slackware | 2 Linux, Slackware Linux | 2023-12-10 | 10.0 HIGH | N/A |
rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file. | |||||
CVE-2002-0268 | 1 Identix | 1 Biologon | 2023-12-10 | 7.2 HIGH | N/A |
Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges. | |||||
CVE-2001-0560 | 1 Paul Vixie | 1 Vixie Cron | 2023-12-10 | 4.6 MEDIUM | N/A |
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters). | |||||
CVE-1999-0580 | | | 2023-12-10 | 10.0 HIGH | N/A |
The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions. | |||||
CVE-2001-0114 | 1 Omnicron | 1 Omnihttpd | 2023-12-10 | 5.0 MEDIUM | N/A |
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter. | |||||
CVE-2002-0291 | 1 Funsoft | 1 Dinos Webserver | 2023-12-10 | 5.0 MEDIUM | N/A |
Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time. | |||||
CVE-2000-0480 | 1 Shadow Op Software | 1 Dragon Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Dragon telnet server allows remote attackers to cause a denial of service via a long username. | |||||
CVE-1999-0614 | | | 2023-12-10 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FTP service is running." | |||||
CVE-2003-0631 | 1 Vmware | 2 Gsx Server, Workstation | 2023-12-10 | 7.2 HIGH | N/A |
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain environment variables that are used when launching a virtual machine session. | |||||
CVE-2002-0116 | 1 Palm | 1 Palm Os | 2023-12-10 | 5.0 MEDIUM | N/A |
Palm OS 3.5h and possibly other versions, as used in Handspring Visor and Xircom products, allows remote attackers to cause a denial of service via a TCP connect scan, e.g. from nmap. | |||||
CVE-2001-0933 | 1 Cooolsoft | 1 Powerftp | 2023-12-10 | 7.5 HIGH | N/A |
Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. "ls C:". | |||||
CVE-2004-0382 | 1 Apple | 1 Mac Os X | 2023-12-10 | 7.2 HIGH | N/A |
Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting. | |||||
CVE-2002-2392 | 1 Nullsoft | 1 Winamp | 2023-12-10 | 6.4 MEDIUM | N/A |
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code. | |||||
CVE-2004-0191 | 1 Mozilla | 1 Mozilla | 2023-12-10 | 6.8 MEDIUM | N/A |
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. | |||||
CVE-2001-0436 | 1 Dcscripts | 2 Dcforum, Dcforum 2000 | 2023-12-10 | 7.5 HIGH | N/A |
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program. | |||||
CVE-2004-1155 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable. | |||||
CVE-1999-0651 | | | 2023-12-10 | 7.5 HIGH | N/A |
The rsh/rlogin service is running. | |||||
CVE-2000-0314 | 5 Debian, Digital, Netbsd and 2 more | 5 Debian Linux, Unix, Netbsd and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero. |