Total: 250883 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0621 | 1 Microsoft | 1 Commerce Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer. | |||||
CVE-2004-1898 | 1 Tildeslash | 1 Monit | 2023-12-10 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username. | |||||
CVE-2003-0332 | 1 Working Resources Inc. | 1 Badblue | 2023-12-10 | 7.6 HIGH | N/A |
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension. | |||||
CVE-2003-0537 | 1 Daiki Ueno | 1 Liece Emacs Irc Client | 2023-12-10 | 4.6 MEDIUM | N/A |
The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users. | |||||
CVE-2001-1580 | 2 Nombas, Novell | 2 Scriptease Webserver, Netware | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string. | |||||
CVE-2001-0915 | 1 Berkeley | 1 Pmake | 2023-12-10 | 7.2 HIGH | N/A |
Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition. | |||||
CVE-2001-1223 | 1 Elsa | 1 Lancom 1100 Office | 2023-12-10 | 10.0 HIGH | N/A |
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server. | |||||
CVE-1999-0074 | 4 Freebsd, Linux, Microsoft and 1 more | 4 Freebsd, Linux Kernel, Windows Nt and 1 more | 2023-12-10 | 6.4 MEDIUM | N/A |
Listening TCP ports are sequentially allocated, allowing spoofing attacks. | |||||
CVE-2002-0722 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing." | |||||
CVE-2002-2360 | 1 Webmin | 1 Webmin | 2023-12-10 | 9.3 HIGH | N/A |
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests. | |||||
CVE-2004-1641 | 1 South River Technologies | 1 Titan Ftp Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST. | |||||
CVE-2001-1518 | 1 Microsoft | 1 Windows 2000 | 2023-12-10 | 2.1 LOW | N/A |
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability. | |||||
CVE-2000-0275 | 1 Cryptocard | 1 Cryptoadmin | 2023-12-10 | 2.1 LOW | N/A |
CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN. | |||||
CVE-2001-1324 | 1 Paul Jarc | 1 Idtools | 2023-12-10 | 4.6 MEDIUM | N/A |
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges. | |||||
CVE-2001-0966 | 1 Nudester.org | 1 Nudester | 2023-12-10 | 10.0 HIGH | N/A |
Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command. | |||||
CVE-1999-1219 | 1 Sgi | 1 Irix | 2023-12-10 | 7.2 HIGH | N/A |
Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command. | |||||
CVE-2000-0926 | 1 Smartwin Technology | 1 Cyberoffice Shopping Cart | 2023-12-10 | 7.5 HIGH | N/A |
SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable. | |||||
CVE-2002-0418 | 1 Endymion | 1 Sake Mail | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter. | |||||
CVE-2002-0165 | 1 Logwatch | 1 Logwatch | 2023-12-10 | 7.2 HIGH | N/A |
LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CVE-2002-0162. | |||||
CVE-2004-2007 | 1 Adam Webb | 1 Nukejokes | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (2) jokeid parameter in a JokeView function. |