Total
250055 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0721 | 1 Kde | 1 Konqueror | 2023-12-10 | 7.5 HIGH | N/A |
| Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
| CVE-2000-0380 | 1 Cisco | 1 Ios | 2023-12-10 | 7.1 HIGH | N/A |
| The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. | |||||
| CVE-2000-0029 | 1 Sco | 1 Unixware | 2023-12-10 | 4.6 MEDIUM | N/A |
| UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack. | |||||
| CVE-2004-1870 | 1 Photopost | 1 Photopost Php Pro | 2023-12-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php. | |||||
| CVE-2001-1260 | 1 Avaya | 1 Argent Office | 2023-12-10 | 10.0 HIGH | N/A |
| Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot. | |||||
| CVE-2002-0819 | 1 Artsd | 1 Artsd | 2023-12-10 | 7.2 HIGH | N/A |
| Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the arts_fatal function. | |||||
| CVE-2001-0788 | 1 Internet Software Solutions | 1 Air Messenger Lan Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header. | |||||
| CVE-2002-2047 | 1 Sketch | 1 Sketch | 2023-12-10 | 10.0 HIGH | N/A |
| The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript (EPS) file. | |||||
| CVE-2002-2137 | 5 Alloy, D-link, Eusso and 2 more | 5 Gl-2422ap-s, Dwl-900ap\+, Gl2422 Ap and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
| GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155. | |||||
| CVE-2001-1419 | 2 Aol, Cerulean Studios | 2 Instant Messenger, Trillian | 2023-12-10 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments. | |||||
| CVE-2002-1444 | 2 Google, Microsoft | 2 Toolbar, Internet Explorer | 2023-12-10 | 2.6 LOW | N/A |
| The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function. | |||||
| CVE-2002-0097 | 1 Geeklog | 1 Geeklog | 2023-12-10 | 7.5 HIGH | N/A |
| Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account. | |||||
| CVE-2002-1283 | 1 Novell | 1 Emframe | 2023-12-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute. | |||||
| CVE-2004-1741 | 1 Music Daemon | 1 Music Daemon | 2023-12-10 | 5.0 MEDIUM | N/A |
| Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST. | |||||
| CVE-2004-0784 | 1 Rob Flynn | 1 Gaim | 2023-12-10 | 7.5 HIGH | N/A |
| The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector. | |||||
| CVE-2001-0921 | 1 Netscape | 1 Communicator | 2023-12-10 | 2.1 LOW | N/A |
| Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext. | |||||
| CVE-2002-2166 | 1 E-zone Media Inc. | 1 Fusetalk | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 allows remote attackers to insert arbitrary HTML and web script. | |||||
| CVE-2003-0222 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2023-12-10 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. | |||||
| CVE-2003-0617 | 1 Hugo Rabson | 1 Mindi | 2023-12-10 | 4.6 MEDIUM | N/A |
| mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | |||||
| CVE-2003-0018 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 3.6 LOW | N/A |
| Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. | |||||