Total: 250055 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1532 | 1 Appserv Open Project | 1 Appserv | 2023-12-10 | 7.5 HIGH | N/A |
AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access. | |||||
CVE-2003-0147 | 3 Openpkg, Openssl, Stunnel | 3 Openpkg, Openssl, Stunnel | 2023-12-10 | 5.0 MEDIUM | N/A |
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). | |||||
CVE-2003-0960 | 1 Openca | 1 Openca | 2023-12-10 | 7.5 HIGH | N/A |
OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates. | |||||
CVE-2001-1019 | 1 Seaglass Technologies Inc. | 1 Sglmerchant | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter. | |||||
CVE-2002-2412 | 1 Nullsoft | 1 Winamp | 2023-12-10 | 2.1 LOW | N/A |
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts. | |||||
CVE-2002-0557 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 7.5 HIGH | N/A |
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval(). | |||||
CVE-2004-2195 | 1 Zanfi Solutions | 1 Zanfi Cms Lite | 2023-12-10 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter. | |||||
CVE-2000-0834 | 1 Microsoft | 1 Windows 2000 | 2023-12-10 | 7.5 HIGH | N/A |
The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability. | |||||
CVE-2001-0152 | 1 Microsoft | 1 Plus | 2023-12-10 | 2.1 LOW | N/A |
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders. | |||||
CVE-2003-0440 | 2 Debian, Semi | 2 Debian Linux, Semi | 2023-12-10 | 4.6 MEDIUM | N/A |
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2004-2086 | 1 Sambar | 1 Sambar Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter. | |||||
CVE-2004-2226 | 1 Mozilla | 1 Thunderbird | 2023-12-10 | 5.0 MEDIUM | N/A |
Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server. | |||||
CVE-2000-0246 | 1 Microsoft | 6 Commercial Internet System, Internet Information Server, Internet Information Services and 3 more | 2023-12-10 | 5.0 MEDIUM | N/A |
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. | |||||
CVE-2001-0020 | 1 Cisco | 2 Arrowpoint, Content Services Switch | 2023-12-10 | 2.1 LOW | N/A |
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-2003-0344 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. | |||||
CVE-2003-0880 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.6 MEDIUM | N/A |
Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences. | |||||
CVE-2000-0749 | 1 Freebsd | 1 Freebsd | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system. | |||||
CVE-1999-0998 | 1 Cisco | 1 Cache Engine | 2023-12-10 | 5.0 MEDIUM | N/A |
Cisco Cache Engine allows an attacker to replace content in the cache. | |||||
CVE-2003-1337 | 1 Aprelium Technologies | 1 Abyss Web Server | 2023-12-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
CVE-2003-0308 | 2 Debian, Sendmail | 2 Debian Linux, Sendmail | 2023-12-10 | 7.2 HIGH | N/A |
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl. |