Total
250750 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0347 | 1 Microsoft | 2 Windows 95, Windows 98 | 2023-12-10 | 5.0 MEDIUM | N/A |
Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name. | |||||
CVE-2000-0528 | 1 Network Associates | 1 Net Tools Pki Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files. | |||||
CVE-2004-1579 | 1 Devellion | 1 Cubecart | 2023-12-10 | 5.0 MEDIUM | N/A |
index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message. | |||||
CVE-2004-0537 | 1 Opera | 1 Opera Browser | 2023-12-10 | 5.0 MEDIUM | N/A |
Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces. | |||||
CVE-2000-0081 | 1 Microsoft | 1 Hotmail | 2023-12-10 | 10.0 HIGH | N/A |
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript. | |||||
CVE-1999-0929 | 1 Novell | 2 Http Server, Netware | 2023-12-10 | 5.0 MEDIUM | N/A |
Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests. | |||||
CVE-1999-0032 | 5 Bsdi, Freebsd, Next and 2 more | 5 Bsd Os, Freebsd, Nextstep and 2 more | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. | |||||
CVE-2003-1076 | 1 Sun | 2 Solaris, Sunos | 2023-12-10 | 7.2 HIGH | N/A |
Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file. | |||||
CVE-2003-0333 | 1 Hp | 1 Hp-ux | 2023-12-10 | 7.2 HIGH | N/A |
Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085. | |||||
CVE-2001-1065 | 1 Cisco | 1 Cbos | 2023-12-10 | 5.0 MEDIUM | N/A |
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. | |||||
CVE-1999-1518 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2023-12-10 | 5.0 MEDIUM | N/A |
Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults. | |||||
CVE-2002-1662 | 1 Mambo | 1 Mambo Site Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration. | |||||
CVE-2003-0629 | 1 Peoplesoft | 1 Peopletools | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript. | |||||
CVE-2001-1298 | 1 Grant Horwood | 1 Webodex | 2023-12-10 | 5.0 MEDIUM | N/A |
Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
CVE-2002-2036 | 1 Sun | 1 Ray Server Software | 2023-12-10 | 7.5 HIGH | N/A |
Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client. | |||||
CVE-2004-1871 | 1 Photopost | 1 Photopost Php Pro | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields. | |||||
CVE-2003-0176 | 1 Sgi | 1 Irix | 2023-12-10 | 5.0 MEDIUM | N/A |
The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan. | |||||
CVE-2000-0612 | 1 Microsoft | 2 Windows 95, Windows 98 | 2023-12-10 | 5.0 MEDIUM | N/A |
Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table. | |||||
CVE-2000-1166 | 1 Twig Development Team | 1 Twig | 2023-12-10 | 7.5 HIGH | N/A |
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program. | |||||
CVE-2002-0295 | 1 Alcatel-lucent | 1 Omnipcx | 2023-12-10 | 4.6 MEDIUM | N/A |
Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges. |