Total: 250427 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2001-0262 | 1 Netscape | 1 Smartdownload | 2023-12-10 | 7.5 HIGH | N/A | Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL. |
CVE-2003-0881 | 1 Apple | 1 Mac Os X | 2023-12-10 | 7.5 HIGH | N/A | Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password. |
CVE-2003-0197 | 2 Borland Software, Firebirdsql | 2 Interbase, Firebird | 2023-12-10 | 7.2 HIGH | N/A | Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK). |
CVE-1999-0706 | 2 Isc, Redhat | 2 Inn, Linux | 2023-12-10 | 7.5 HIGH | N/A | Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. |
CVE-1999-0719 | 1 Gnu | 1 Gnumeric | 2023-12-10 | 4.6 MEDIUM | N/A | The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code. |
CVE-2002-0645 | 1 Microsoft | 2 Data Engine, Sql Server | 2023-12-10 | 7.5 HIGH | N/A | SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands. |
CVE-2004-0871 | 1 Mozilla | 1 Mozilla | 2023-12-10 | 5.0 MEDIUM | N/A | Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." |
CVE-2000-1004 | 1 Openbsd | 1 Openbsd | 2023-12-10 | 4.6 MEDIUM | N/A | Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters. |
CVE-2002-1364 | 1 Ehud Gavron | 1 Tracesroute | 2023-12-10 | 7.2 HIGH | N/A | Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses. |
CVE-2002-1926 | 1 Aquonics Scripting | 1 Aquonics File Manager | 2023-12-10 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string. |
CVE-1999-0471 | 1 Winroute | 1 Winroute | 2023-12-10 | 5.0 MEDIUM | N/A | The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button. |
CVE-2004-2023 | 1 Zen Cart | 1 Zen Cart | 2023-12-10 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters. |
CVE-2001-0580 | 1 Hughes Technologies | 1 Dsl Vdns | 2023-12-10 | 5.0 MEDIUM | N/A | Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection. |
CVE-2000-1053 | 1 Macromedia | 1 Jrun | 2023-12-10 | 10.0 HIGH | N/A | Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. |
CVE-2004-0867 | 4 Kde, Microsoft, Mozilla and 1 more | 5 Konqueror, Ie, Internet Explorer and 2 more | 2023-12-10 | 7.5 HIGH | N/A | Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. |
CVE-2000-0064 | 1 Nortel | 1 Contivity | 2023-12-10 | 5.0 MEDIUM | N/A | cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. |
CVE-2001-0229 | 1 Sun | 1 Chilisoft | 2023-12-10 | 7.2 HIGH | N/A | Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts. |
CVE-2001-1101 | 1 Checkpoint | 1 Firewall-1 | 2023-12-10 | 6.4 MEDIUM | N/A | The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack. |
CVE-1999-1135 | 1 Hp | 1 Hp-ux | 2023-12-10 | 7.2 HIGH | N/A | Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438. |
CVE-2003-0447 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 5.1 MEDIUM | N/A | The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated. |