Total: 250131 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1138 | 1 Redhat | 1 Interchange | 2023-12-10 | 5.0 MEDIUM | N/A |
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//). | |||||
CVE-2002-1492 | 1 Cisco | 1 Vpn 5000 Client | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel. | |||||
CVE-2004-1637 | 1 Hawking Technology | 1 Har11a Dsl Router | 2023-12-10 | 7.5 HIGH | N/A |
The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections. | |||||
CVE-2004-2237 | 1 Moodle | 1 Moodle | 2023-12-10 | 10.0 HIGH | N/A |
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts." | |||||
CVE-2002-1159 | 1 Canna | 1 Canna | 2023-12-10 | 6.4 MEDIUM | N/A |
Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak. | |||||
CVE-1999-1112 | 1 Irfanview | 1 Irfanview | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header. | |||||
CVE-2002-1481 | 1 Phpgb | 1 Phpgb | 2023-12-10 | 7.5 HIGH | N/A |
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php. | |||||
CVE-2002-0842 | 1 Oracle | 1 Application Server | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror(). | |||||
CVE-2002-0939 | 1 Ncipher | 1 Mscapi Csp | 2023-12-10 | 4.6 MEDIUM | N/A |
The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only). | |||||
CVE-2003-0819 | 1 Microsoft | 1 Proxy Server | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | |||||
CVE-2000-1100 | 1 Trlinux | 1 Postaci Webmail | 2023-12-10 | 7.5 HIGH | N/A |
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request. | |||||
CVE-2004-1969 | 1 Openbb | 1 Openbb | 2023-12-10 | 7.5 HIGH | N/A |
The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript. | |||||
CVE-2002-0825 | 1 Padl Software | 1 Nss Ldap | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
CVE-2002-0813 | 1 Cisco | 1 Ios | 2023-12-10 | 7.1 HIGH | N/A |
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename. | |||||
CVE-2004-1877 | 1 Oracle | 2 Application Server, Http Server | 2023-12-10 | 2.6 LOW | N/A |
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. | |||||
CVE-2004-2143 | 1 Mambo | 1 Mambo Portal | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option. | |||||
CVE-2003-1266 | 1 Etype | 1 Eserv | 2023-12-10 | 5.0 MEDIUM | N/A |
The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data. | |||||
CVE-2001-0146 | 1 Microsoft | 2 Exchange Server, Internet Information Services | 2023-12-10 | 5.0 MEDIUM | N/A |
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. | |||||
CVE-2002-0714 | 1 Squid | 1 Squid | 2023-12-10 | 7.5 HIGH | N/A |
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses. | |||||
CVE-2004-0720 | 1 Apple | 1 Safari | 2023-12-10 | 7.5 HIGH | N/A |
Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||