Total: 247131 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-1999-1378 | 1 Dbmlparser.exe | 1 Dbmlparser.exe | 2023-12-10 | 5.0 MEDIUM | N/A | dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files. |
CVE-2003-0406 | 1 Palmvnc | 1 Palmvnc | 2023-12-10 | 7.2 HIGH | N/A | PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCDB, which is backed up to PCs that the Palm is synchronized with, which could allow attackers to gain privileges. |
CVE-2001-0644 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2023-12-10 | 7.5 HIGH | N/A | Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server. |
CVE-2003-0283 | 1 Phorum | 1 Phorum | 2023-12-10 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. |
CVE-2001-0031 | 1 Broadvision | 1 One-to-one Enterprise Server | 2023-12-10 | 5.0 MEDIUM | N/A | BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist. |
CVE-2001-1489 | 1 Microsoft | 1 Ie | 2023-12-10 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. |
CVE-2002-2354 | 1 Netgear | 1 Fm114p | 2023-12-10 | 7.8 HIGH | N/A | Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests. |
CVE-1999-1071 | 1 Excite | 1 Ews | 2023-12-10 | 7.2 HIGH | N/A | Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file. |
CVE-2004-1425 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter. |
CVE-2001-0019 | 1 Cisco | 2 Arrowpoint, Content Services Switch | 2023-12-10 | 2.1 LOW | N/A | Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands. |
CVE-2003-0459 | 2 Kde, Redhat | 8 Konqueror, Konqueror Embedded, Analog Real-time Synthesizer and 5 more | 2023-12-10 | 5.0 MEDIUM | N/A | KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. |
CVE-2003-1535 | 1 Justice Media | 1 Guestbook | 2023-12-10 | 5.0 MEDIUM | N/A | Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. |
CVE-1999-1124 | 1 Allaire | 1 Coldfusion | 2023-12-10 | 7.5 HIGH | N/A | HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host. |
CVE-2003-1245 | 1 Mambo | 1 Mambo Site Server | 2023-12-10 | 10.0 HIGH | N/A | index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. |
CVE-1999-0303 | 4 Digital, Netbsd, Openbsd and 1 more | 5 Osf 1, Netbsd, Openbsd and 2 more | 2023-12-10 | 4.6 MEDIUM | N/A | Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. |
CVE-2003-1457 | 1 Auerswald | 1 Comsuite Cti Controlcenter | 2023-12-10 | 4.6 MEDIUM | N/A | Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. |
CVE-2003-0153 | 1 Mozilla | 1 Bonsai | 2023-12-10 | 5.0 MEDIUM | N/A | bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi. |
CVE-2003-0823 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A | Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. |
CVE-2002-1138 | 1 Microsoft | 2 Data Engine, Sql Server | 2023-12-10 | 7.5 HIGH | N/A | Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs." |
CVE-2004-1750 | 1 Vnc | 1 Realvnc | 2023-12-10 | 5.0 MEDIUM | N/A | RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900. |