Total: 258077 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0221 | 1 Etype | 1 Eserv | 2023-12-10 | 5.0 MEDIUM | N/A |
Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV. | |||||
CVE-2004-1629 | 1 Distinct Web Creations | 1 Dwc Articles | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements. | |||||
CVE-2002-0212 | 1 Hosting Controller | 1 Hosting Controller | 2023-12-10 | 7.5 HIGH | N/A |
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack. | |||||
CVE-2002-1109 | 1 Amavis | 1 Virus Scanner | 2023-12-10 | 2.1 LOW | N/A |
securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter. | |||||
CVE-2003-0977 | 2 Cvs, Slackware | 2 Cvs, Slackware Linux | 2023-12-10 | 7.5 HIGH | N/A |
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests. | |||||
CVE-2000-0014 | 1 Michael Lamont | 1 Savant Webserver | 2023-12-10 | 5.0 MEDIUM | N/A |
Denial of service in Savant web server via a null character in the requested URL. | |||||
CVE-2002-0204 | 1 Gnu | 1 Chess | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command. | |||||
CVE-2004-0653 | 1 Sun | 1 Solaris | 2023-12-10 | 2.1 LOW | N/A |
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other users' passwords by reading log files. | |||||
CVE-1999-0043 | 6 Bsdi, Caldera, Isc and 3 more | 7 Bsd Os, Openlinux, Inn and 4 more | 2023-12-10 | 10.0 HIGH | N/A |
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | |||||
CVE-2002-0187 | 1 Microsoft | 1 Sql Server | 2023-12-10 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag." | |||||
CVE-2003-1138 | 1 Redhat | 1 Interchange | 2023-12-10 | 5.0 MEDIUM | N/A |
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//). | |||||
CVE-2002-1492 | 1 Cisco | 1 Vpn 5000 Client | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel. | |||||
CVE-2004-1637 | 1 Hawking Technology | 1 Har11a Dsl Router | 2023-12-10 | 7.5 HIGH | N/A |
The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections. | |||||
CVE-2004-2237 | 1 Moodle | 1 Moodle | 2023-12-10 | 10.0 HIGH | N/A |
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts." | |||||
CVE-2002-1159 | 1 Canna | 1 Canna | 2023-12-10 | 6.4 MEDIUM | N/A |
Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak. | |||||
CVE-1999-1112 | 1 Irfanview | 1 Irfanview | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header. | |||||
CVE-2002-1481 | 1 Phpgb | 1 Phpgb | 2023-12-10 | 7.5 HIGH | N/A |
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php. | |||||
CVE-2002-0842 | 1 Oracle | 1 Application Server | 2023-12-10 | 7.5 HIGH | N/A |
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror(). | |||||
CVE-2002-0939 | 1 Ncipher | 1 Mscapi Csp | 2023-12-10 | 4.6 MEDIUM | N/A |
The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only). | |||||
CVE-2003-0819 | 1 Microsoft | 1 Proxy Server | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. |