Total: 251334 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0086 | 1 Ibm | 1 Lotus Domino | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable. | |||||
CVE-2002-1271 | 1 Perl-mailtools | 1 Perl-mailtools | 2023-12-10 | 7.5 HIGH | N/A |
The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx. | |||||
CVE-1999-1256 | 1 Oracle | 1 Database Assistant | 2023-12-10 | 4.6 MEDIUM | N/A |
Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file. | |||||
CVE-2003-1249 | 1 Businessobjects | 1 Webintelligence | 2023-12-10 | 7.5 HIGH | N/A |
WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions. | |||||
CVE-1999-1145 | 1 Hp | 1 Hp-ux | 2023-12-10 | 7.2 HIGH | N/A |
Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges. | |||||
CVE-2002-0497 | 1 Mtr | 1 Mtr | 2023-12-10 | 2.1 LOW | N/A |
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable. | |||||
CVE-2001-0329 | 1 Mozilla | 1 Bugzilla | 2023-12-10 | 7.5 HIGH | N/A |
Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. | |||||
CVE-1999-0448 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 5.0 MEDIUM | N/A |
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request. | |||||
CVE-2003-0180 | 1 Ibm | 1 Lotus Domino Web Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form. | |||||
CVE-2002-0026 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. | |||||
CVE-2000-0723 | 1 Helix Code | 1 Gnome Installer | 2023-12-10 | 1.2 LOW | N/A |
Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config. | |||||
CVE-2000-0673 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2023-12-10 | 5.0 MEDIUM | N/A |
The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability. | |||||
CVE-2003-0030 | 1 Protegrity | 1 Secure.data | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select. | |||||
CVE-1999-1150 | 1 Livingston Portmaster | 1 Portmaster | 2023-12-10 | 7.5 HIGH | N/A |
Livingston Portmaster routers running ComOS use the same initial sequence number (ISN) for TCP connections, which allows remote attackers to conduct spoofing and hijack TCP sessions. | |||||
CVE-2001-0563 | 1 Electrosoft | 1 Electrocomm | 2023-12-10 | 5.0 MEDIUM | N/A |
ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23. | |||||
CVE-2001-0676 | 1 Ritlabs | 1 The Bat | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment. | |||||
CVE-2003-0499 | 1 Mantis | 1 Mantis | 2023-12-10 | 3.6 LOW | N/A |
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations. | |||||
CVE-2004-2258 | 1 Hummingbird | 1 Exceed | 2023-12-10 | 2.1 LOW | N/A |
Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab. | |||||
CVE-2004-0910 | | | 2023-12-10 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0815. Reason: This candidate is a reservation duplicate of CVE-2004-0815. Notes: All CVE users should reference CVE-2004-0815 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2003-0577 | 1 Mpg123 | 1 Mpg123 | 2023-12-10 | 7.5 HIGH | N/A |
mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size. |