Vulnerabilities (CVE)

Total 250651 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0590 1 Splatt 1 Splatt Forum 2023-12-10 7.1 HIGH N/A
Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field.
CVE-2000-0326 1 On Technology 1 Meeting Maker 2023-12-10 5.0 MEDIUM N/A
Meeting Maker uses weak encryption (a polyalphabetic substitution cipher) for passwords, which allows remote attackers to sniff and decrypt passwords for Meeting Maker accounts.
CVE-2000-1090 1 Microsoft 1 Internet Information Server 2023-12-10 5.0 MEDIUM N/A
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.
CVE-2001-1290 1 Active Web Suite Technologies 1 Active Classifieds 2023-12-10 5.0 MEDIUM N/A
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter.
CVE-2003-0709 1 Whois 1 Whois 2023-12-10 7.5 HIGH N/A
Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option.
CVE-2004-0826 4 Hp, Mozilla, Netscape and 1 more 10 Hp-ux, Network Security Services, Certificate Server and 7 more 2023-12-10 7.5 HIGH N/A
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
CVE-2003-0526 1 Microsoft 1 Isa Server 2023-12-10 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
CVE-1999-0526 1 X.org 1 X11 2023-12-10 10.0 HIGH N/A
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
CVE-2003-0975 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2023-12-10 5.0 MEDIUM N/A
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
CVE-1999-1228 3 Diamond, Logicode, Us Robotics 3 Supra, Quicktel, Us Robotics 2023-12-10 7.5 HIGH N/A
Various modems that do not implement a guard time, or are configured with a guard time of 0, can allow remote attackers to execute arbitrary modem commands such as ATH, ATH0, etc., via a "+++" sequence that appears in ICMP packets, the subject of an e-mail message, IRC commands, and others.
CVE-1999-1108 2023-12-10 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1107. Reason: This candidate is a duplicate of CVE-1999-1107. Notes: All CVE users should reference CVE-1999-1107 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2003-1269 1 An 1 An-http 2023-12-10 5.0 MEDIUM N/A
AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message.
CVE-2003-0220 1 Kerio 1 Personal Firewall 2 2023-12-10 7.5 HIGH N/A
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
CVE-2002-2299 1 Atthat.com 1 Thatware 2023-12-10 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
CVE-2003-0901 1 Postgresql 1 Postgresql 2023-12-10 7.5 HIGH N/A
Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code.
CVE-2000-0848 1 Ibm 1 Websphere Application Server 2023-12-10 10.0 HIGH N/A
Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.
CVE-2002-1802 1 Xoops 1 Xoops 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news.
CVE-2002-1454 1 Mywebserver 1 Mywebserver 2023-12-10 5.0 MEDIUM N/A
MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message.
CVE-2002-2005 1 Sun 1 Java Web Start 2023-12-10 7.5 HIGH N/A
Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors.
CVE-2004-1305 2 Microsoft, Nortel 19 Windows 2000, Windows 2003 Server, Windows 98 and 16 more 2023-12-10 5.0 MEDIUM N/A
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.