Total: 249088 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0291 | | | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters. | |||||
CVE-2002-0098 | 1 Boozt | 1 Boozt Standard | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner. | |||||
CVE-2001-0594 | 1 Sun | 2 Solaris, Sunos | 2023-12-10 | 4.6 MEDIUM | N/A |
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument. | |||||
CVE-2001-1127 | 1 Progress | 1 Progress | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. | |||||
CVE-2000-0116 | 1 Checkpoint | 1 Firewall-1 | 2023-12-10 | 7.5 HIGH | N/A |
Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag. | |||||
CVE-2002-1614 | 1 Hp | 2 Hp-ux, Tru64 | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in HP Tru64 UNIX allows local users to execute arbitrary code via a long argument to /usr/bin/at. | |||||
CVE-2003-0837 | 1 Ibm | 1 Db2 Universal Database | 2023-12-10 | 7.5 HIGH | N/A |
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command. | |||||
CVE-2003-1525 | 1 My Photo Gallery | 1 My Photo Gallery | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors. | |||||
CVE-2002-1371 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2023-12-10 | 7.5 HIGH | N/A |
filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif. | |||||
CVE-2002-1880 | 1 Lokwa | 1 Lokwabb | 2023-12-10 | 5.0 MEDIUM | N/A |
LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php. | |||||
CVE-2004-0126 | 1 Freebsd | 1 Freebsd | 2023-12-10 | 4.6 MEDIUM | N/A |
The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail. | |||||
CVE-2001-0979 | 1 Hp | 1 Hp-ux | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument. | |||||
CVE-2004-1189 | 1 Mit | 1 Kerberos 5 | 2023-12-10 | 7.2 HIGH | N/A |
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow. | |||||
CVE-2002-0209 | 1 Nortel | 1 Alteon Acedirector | 2023-12-10 | 5.0 MEDIUM | N/A |
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address. | |||||
CVE-2004-0362 | 1 Iss | 11 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 8 more | 2023-12-10 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm. | |||||
CVE-2001-0033 | 2 Kth, Netbsd | 2 Kth Kerberos, Netbsd | 2023-12-10 | 7.2 HIGH | N/A |
KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using the KRBCONFDIR environmental variable, which allows the user to gain additional privileges. | |||||
CVE-2001-0626 | 1 Oreilly | 1 Website Professional | 2023-12-10 | 7.5 HIGH | N/A |
O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character. | |||||
CVE-2002-0248 | 1 Wliang | 1 Wmtv | 2023-12-10 | 7.2 HIGH | N/A |
wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file. | |||||
CVE-2002-2386 | 1 Xoops | 1 Xoops | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. | |||||
CVE-2004-1546 | 1 Alt-n | 1 Mdaemon | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server. |