Total: 250751 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1543 | 1 Bajie | 1 Java Http Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message. | |||||
CVE-2003-0087 | 1 National Language Support | 1 Libim | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm. | |||||
CVE-2000-1165 | 1 Balabit | 1 Syslog-ng | 2023-12-10 | 5.0 MEDIUM | N/A |
Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier. | |||||
CVE-2004-0274 | 1 Eggheads | 1 Eggdrop Irc Bot | 2023-12-10 | 7.5 HIGH | N/A |
Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities. | |||||
CVE-2004-0078 | 1 Mutt | 1 Mutt | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages. | |||||
CVE-2000-1064 | 1 Hp | 1 Jetdirect | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
CVE-2004-1686 | 1 Microsoft | 1 Ie | 2023-12-10 | 5.0 MEDIUM | N/A |
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin. | |||||
CVE-2002-1623 | 1 Checkpoint | 1 Vpn-1 Firewall-1 | 2023-12-10 | 5.0 MEDIUM | N/A |
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote. | |||||
CVE-2002-0509 | 1 Oracle | 1 Oracle9i | 2023-12-10 | 5.0 MEDIUM | N/A |
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521. | |||||
CVE-2002-2293 | 1 Twofold Photos | 1 Webshots Desktop | 2023-12-10 | 4.6 MEDIUM | N/A |
Webshots Desktop screensaver allows local users to bypass the password on the screensaver by pressing CTRL-ALT-DELETE and (1) hitting the cancel button or (2) killing the screensaver from the task manager. | |||||
CVE-2002-2258 | 1 Mobydisk | 1 Netsuite | 2023-12-10 | 5.0 MEDIUM | N/A |
Moby NetSuite allows remote attackers to cause a denial of service (crash) via an HTTP POST request with a (1) large integer or (2) non-numeric value in the Content-Length header, which causes an access violation after a failed atoi function call. | |||||
CVE-2003-1312 | 1 Netegrity | 1 Siteminder | 2023-12-10 | 4.3 MEDIUM | N/A |
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods. | |||||
CVE-2004-1517 | 1 Zonelabs | 1 Imsecure | 2023-12-10 | 7.5 HIGH | N/A |
Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions. | |||||
CVE-2003-0012 | 1 Mozilla | 1 Bugzilla | 2023-12-10 | 2.1 LOW | N/A |
The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data. | |||||
CVE-2003-1336 | 1 Mirc | 1 Mirc | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL. | |||||
CVE-2004-1889 | 1 Sgi | 1 Irix | 2023-12-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows. | |||||
CVE-2002-0093 | 1 Compaq | 1 Tru64 | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow attackers to execute arbitrary code, a different vulnerability than CVE-2001-0423. | |||||
CVE-2004-1457 | 1 Novell | 1 Bordermanager | 2023-12-10 | 5.0 MEDIUM | N/A |
The Virtual Private Network (VPN) capability in Novell Bordermanager 3.8 allows remote attackers to cause a denial of service (ABEND in IKE.NLM) via a malformed IKE packet, as sent by the Striker ISAKMP Protocol Test Suite. | |||||
CVE-2000-0500 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. | |||||
CVE-2004-1836 | 1 Invision Power Services | 1 Invision Power Top Site List | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action. | |||||