Vulnerabilities (CVE)

Total 253706 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-0993 1 Microsoft 1 Exchange Server 2023-12-10 7.5 HIGH N/A
Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.
CVE-2000-1179 1 Netopia 1 650-st Isdn Router 2023-12-10 5.0 MEDIUM N/A
Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
CVE-2002-1034 1 Sun 1 I-runbook 2023-12-10 10.0 HIGH N/A
none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument.
CVE-2003-1265 2 Mozilla, Netscape 2 Mozilla, Navigator 2023-12-10 2.1 LOW N/A
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
CVE-1999-1436 1 Ray Chan 1 Www Authorization Gateway 2023-12-10 7.5 HIGH N/A
Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "user" parameter.
CVE-2004-2158 1 S9y 1 Serendipity 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
CVE-2001-0835 1 Bradford Barrett 1 Webalizer 2023-12-10 7.5 HIGH N/A
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.
CVE-1999-1311 1 Hp 1 Hp-ux 2023-12-10 4.6 MEDIUM N/A
Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.
CVE-2000-0860 1 Php 1 Php 2023-12-10 5.0 MEDIUM N/A
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
CVE-2004-1515 1 Jelsoft 1 Vbulletin 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.
CVE-2003-0072 1 Mit 2 Kerberos, Kerberos 5 2023-12-10 5.0 MEDIUM N/A
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").
CVE-2001-0821 1 Dcscripts 1 Dcshop 2023-12-10 5.0 MEDIUM N/A
The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.
CVE-2001-0078 1 Sun 1 Cluster 2023-12-10 2.1 LOW N/A
in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS.
CVE-2004-0808 1 Samba 1 Samba 2023-12-10 5.0 MEDIUM N/A
The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.
CVE-1999-0635 2023-12-10 N/A N/A
The echo service is running.
CVE-2001-1083 1 Icecast 1 Icecast 2023-12-10 5.0 MEDIUM N/A
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).
CVE-2001-1180 1 Freebsd 1 Freebsd 2023-12-10 7.2 HIGH N/A
FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.
CVE-2002-0052 1 Microsoft 1 Internet Explorer 2023-12-10 5.0 MEDIUM N/A
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.
CVE-2001-1017 1 Freebsd 1 Freebsd 2023-12-10 7.2 HIGH N/A
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.
CVE-1999-0634 2023-12-10 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The SSH service is running.