Total
247242 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1875 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 9.3 HIGH | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10. | |||||
CVE-2004-1996 | 1 Simple Machines | 1 Smf | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. | |||||
CVE-2002-1066 | 1 T. Hauck | 1 Jana Web Server | 2023-12-10 | 7.5 HIGH | N/A |
Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack. | |||||
CVE-2004-0158 | 1 Lgames | 1 Lbreakout2 | 2023-12-10 | 4.6 MEDIUM | N/A |
Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c. | |||||
CVE-2004-1939 | 1 Rhinosoft | 1 Zaep Antispam | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter. | |||||
CVE-2003-0988 | 1 Kde | 1 Kde | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. | |||||
CVE-1999-1048 | 2 Debian, Redhat | 2 Debian Linux, Linux | 2023-12-10 | 4.6 MEDIUM | N/A |
Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory. | |||||
CVE-2004-0795 | 1 Ibm | 1 Db2 Universal Database | 2023-12-10 | 7.2 HIGH | N/A |
DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe. | |||||
CVE-2000-0753 | 1 Microsoft | 1 Outlook | 2023-12-10 | 5.0 MEDIUM | N/A |
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files. | |||||
CVE-2003-1083 | 1 Tildeslash | 1 Monit | 2023-12-10 | 10.0 HIGH | N/A |
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request. | |||||
CVE-1999-0022 | 6 Bsdi, Freebsd, Hp and 3 more | 7 Bsd Os, Freebsd, Hp-ux and 4 more | 2023-12-10 | 7.2 HIGH | N/A |
Local user gains root privileges via buffer overflow in rdist, via expstr() function. | |||||
CVE-1999-0644 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The NNTP news service is running. | |||||
CVE-2000-0947 | 1 Gnu | 1 Cfengine | 2023-12-10 | 10.0 HIGH | N/A |
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. | |||||
CVE-2003-1250 | 1 Efficient Networks | 1 5861 Dsl Router | 2023-12-10 | 5.0 MEDIUM | N/A |
Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN, packets allows remote attackers to cause a denial of service (crash) via a flood of TCP SYN packets to the WAN interface using a port scanner such as nmap. | |||||
CVE-2002-0007 | 1 Mozilla | 1 Bugzilla | 2023-12-10 | 10.0 HIGH | N/A |
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server. | |||||
CVE-2004-0415 | 3 Linux, Redhat, Trustix | 3 Linux Kernel, Fedora Core, Secure Linux | 2023-12-10 | 2.1 LOW | N/A |
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory. | |||||
CVE-2002-0405 | 1 Transsoft | 1 Broker Ftp Server | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters. | |||||
CVE-1999-1095 | 2 Redhat, Slackware | 2 Linux, Slackware Linux | 2023-12-10 | 7.2 HIGH | N/A |
sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort. | |||||
CVE-2003-0246 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 3.6 LOW | N/A |
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. | |||||
CVE-2001-0364 | 1 Ssh | 1 Ssh2 | 2023-12-10 | 5.0 MEDIUM | N/A |
SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections. |