Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0975 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2017-07-10 | 5.0 MEDIUM | N/A |
| Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | |||||
| CVE-2003-1009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-10 | 10.0 HIGH | N/A |
| Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges. | |||||
| CVE-2000-1221 | 3 Debian, Redhat, Sgi | 3 Debian Linux, Linux, Irix | 2017-07-10 | 10.0 HIGH | N/A |
| The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP. | |||||
| CVE-2001-1439 | 1 Hp | 1 Hp-ux | 2017-07-10 | 2.1 LOW | N/A |
| Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit. | |||||
| CVE-2000-1224 | 1 Caucho Technology | 1 Resin | 2017-07-10 | 5.0 MEDIUM | N/A |
| Caucho Technology Resin 1.2 and possibly earlier allows remote attackers to view JSP source via an HTTP request to a .jsp file with certain characters appended to the file name, such as (1) "..", (2) "%2e..", (3) "%81", (4) "%82", and others. | |||||
| CVE-2001-1440 | 1 Ibm | 1 Aix | 2017-07-10 | 10.0 HIGH | N/A |
| Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system. | |||||
| CVE-2003-1030 | 1 Dameware Development | 1 Mini Remote Control Server | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129. | |||||
| CVE-2003-1033 | 1 Sap | 1 Sap Db | 2017-07-10 | 7.2 HIGH | N/A |
| The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program. | |||||
| CVE-2003-1034 | 1 Sap | 1 Sap Db | 2017-07-10 | 4.6 MEDIUM | N/A |
| The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs. | |||||
| CVE-2001-1443 | 1 Kth | 1 Kth Kerberos | 2017-07-10 | 5.0 MEDIUM | N/A |
| KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack. | |||||
| CVE-2001-1487 | 1 Qualcomm | 1 Qpopper | 2017-07-10 | 4.6 MEDIUM | N/A |
| popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option. | |||||
| CVE-2003-1044 | 1 Mozilla | 1 Bugzilla | 2017-07-10 | 7.5 HIGH | N/A |
| editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID. | |||||
| CVE-2001-1444 | 1 Kth | 1 Kth Kerberos | 2017-07-10 | 7.5 HIGH | N/A |
| The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack. | |||||
| CVE-2002-1321 | 1 Realnetworks | 2 Realone Player, Realplayer | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename. | |||||
| CVE-2003-1045 | 1 Mozilla | 1 Bugzilla | 2017-07-10 | 5.0 MEDIUM | N/A |
| votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter. | |||||
| CVE-2003-1046 | 1 Mozilla | 1 Bugzilla | 2017-07-10 | 7.5 HIGH | N/A |
| describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products. | |||||
| CVE-2001-1442 | 1 Isc | 1 Inn | 2017-07-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument. | |||||
| CVE-2002-1341 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters. | |||||
| CVE-2002-0983 | 1 Irssi | 1 Irssi | 2017-07-10 | 5.0 MEDIUM | N/A |
| IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow. | |||||
| CVE-2002-1780 | 1 Alcatech Gmbh | 1 Bpm Studio Pro | 2017-07-10 | 5.0 MEDIUM | N/A |
| BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a remote attacker to cause a denial of service (crash) by sending a URL request for a MS-DOS device such as con. NOTE: it has been disputed that this and possibly other application-level DOS device issues stem from a bug in Windows, and as such, such applications should not be considered vulnerable themselves. | |||||
