Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0101 | 1 Make-a-store | 1 Orderpage | 2008-09-10 | 7.5 HIGH | N/A |
| The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
| CVE-2000-0102 | 1 Salescart | 1 Salescart | 2008-09-10 | 7.5 HIGH | N/A |
| The SalesCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
| CVE-2000-0103 | 1 Netsmart | 1 Smartcart | 2008-09-10 | 7.5 HIGH | N/A |
| The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
| CVE-2000-0104 | 1 Web Express | 1 Shoptron | 2008-09-10 | 7.5 HIGH | N/A |
| The Shoptron shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
| CVE-2000-0105 | 1 Microsoft | 1 Outlook Express | 2008-09-10 | 5.0 MEDIUM | N/A |
| Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client. | |||||
| CVE-2000-0106 | 1 Easycart | 1 Easycart | 2008-09-10 | 7.5 HIGH | N/A |
| The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
| CVE-2000-0107 | 1 Debian | 1 Debian Linux | 2008-09-10 | 7.2 HIGH | N/A |
| Linux apcd program allows local attackers to modify arbitrary files via a symlink attack. | |||||
| CVE-2000-0108 | 1 Intelligent Vending Systems | 1 Intellivend | 2008-09-10 | 7.5 HIGH | N/A |
| The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
| CVE-2000-0109 | 1 Comstock | 1 Multicsp | 2008-09-10 | 10.0 HIGH | N/A |
| The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords. | |||||
| CVE-2000-0110 | 1 Baron Consulting Group | 1 Websitetool | 2008-09-10 | 7.5 HIGH | N/A |
| The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
| CVE-2000-0111 | 1 Avt | 1 Rightfax | 2008-09-10 | 7.5 HIGH | N/A |
| The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions. | |||||
| CVE-2000-0114 | 1 Microsoft | 1 Internet Information Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. | |||||
| CVE-2000-0115 | 1 Microsoft | 1 Internet Information Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page. | |||||
| CVE-2000-0116 | 1 Checkpoint | 1 Firewall-1 | 2008-09-10 | 7.5 HIGH | N/A |
| Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag. | |||||
| CVE-2000-0117 | 1 Sun | 3 Cobalt Raq, Cobalt Raq 2, Cobalt Raq 3i | 2008-09-10 | 7.2 HIGH | N/A |
| The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root). | |||||
| CVE-2000-0123 | 1 Filemaker | 1 Filemaker | 2008-09-10 | 7.5 HIGH | N/A |
| The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields. | |||||
| CVE-2000-0124 | 1 Surfcontrol | 1 Superscout | 2008-09-10 | 2.1 LOW | N/A |
| surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions. | |||||
| CVE-2000-0125 | 1 Wired Community Software | 1 Wwwthreads | 2008-09-10 | 7.5 HIGH | N/A |
| wwwthreads does not properly cleanse numeric data or table names that are passed to SQL queries, which allows remote attackers to gain privileges for wwwthreads forums. | |||||
| CVE-2000-0126 | 1 Microsoft | 1 Internet Information Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. | |||||
| CVE-2000-0127 | 1 Progress | 1 Webspeed | 2008-09-10 | 7.5 HIGH | N/A |
| The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. | |||||
| CVE-2000-0128 | 1 Daniel Beckham | 1 The Finger Server | 2008-09-10 | 10.0 HIGH | N/A |
| The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters. | |||||
| CVE-1999-1134 | 1 Hp | 1 Hp-ux | 2008-09-10 | 7.2 HIGH | N/A |
| Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4038, PHSS_4055, and PHSS_4066. | |||||
| CVE-1999-1169 | 1 Flavio Veloso | 1 Nobo | 2008-09-10 | 5.0 MEDIUM | N/A |
| nobo 1.2 allows remote attackers to cause a denial of service (crash) via a series of large UDP packets. | |||||
| CVE-1999-1174 | 1 Iomega | 1 Zip 100 Mb Drive | 2008-09-10 | 4.6 MEDIUM | N/A |
| ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk. | |||||
| CVE-1999-1180 | 1 Oreilly | 2 Website, Website Pro | 2008-09-10 | 5.0 MEDIUM | N/A |
| O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an argument to (1) args.cmd or (2) args.bat. | |||||
| CVE-1999-1298 | 1 Freebsd | 1 Freebsd | 2008-09-10 | 7.5 HIGH | N/A |
| Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources. | |||||
| CVE-1999-1310 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1022. Reason: This candidate is a duplicate of CVE-1999-1022. Notes: All CVE users should reference CVE-1999-1022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-1999-1314 | 1 Freebsd | 1 Freebsd | 2008-09-10 | 2.1 LOW | N/A |
| Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands. | |||||
| CVE-1999-1319 | 1 Sgi | 1 Irix | 2008-09-10 | 10.0 HIGH | N/A |
| Vulnerability in object server program in SGI IRIX 5.2 through 6.1 allows remote attackers to gain root privileges in certain configurations. | |||||
| CVE-1999-1329 | 1 Redhat | 1 Linux | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges. | |||||
| CVE-1999-1331 | 1 Redhat | 1 Linux | 2008-09-10 | 2.1 LOW | N/A |
| netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface. | |||||
| CVE-1999-1403 | 1 Ibm | 1 Tivoli Opc Tracker Agent | 2008-09-10 | 7.2 HIGH | N/A |
| IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files. | |||||
| CVE-1999-1404 | 1 Ibm | 1 Tivoli Opc Tracker Agent | 2008-09-10 | 5.0 MEDIUM | N/A |
| IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly. | |||||
| CVE-1999-1416 | 1 Inso | 1 Dwhttpd | 2008-09-10 | 5.0 MEDIUM | N/A |
| AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large content-length. | |||||
| CVE-1999-1417 | 1 Inso | 1 Answerbook2 | 2008-09-10 | 7.5 HIGH | N/A |
| Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via encoded % characters in an HTTP request, which is improperly logged. | |||||
| CVE-1999-1444 | 1 Computer Software Manufaktur | 1 Alibaba | 2008-09-10 | 5.0 MEDIUM | N/A |
| genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent of 1, which results in transactions that are sent in cleartext. | |||||
| CVE-1999-1450 | 1 Sco | 2 Openserver, Unixware | 2008-09-10 | 7.5 HIGH | N/A |
| Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier, allows remote attackers to gain privileges. | |||||
| CVE-1999-1457 | 1 Thttpd | 1 Thttpd Http Server | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in thttpd HTTP server before 2.04-31 allows remote attackers to execute arbitrary commands via a long date string, which is not properly handled by the tdate_parse function. | |||||
| CVE-1999-1468 | 4 Cray, Next, Sgi and 1 more | 4 Unicos, Next, Irix and 1 more | 2008-09-10 | 6.2 MEDIUM | N/A |
| rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable. | |||||
| CVE-2000-0001 | 1 Realnetworks | 1 Realserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| RealMedia server allows remote attackers to cause a denial of service via a long ramgen request. | |||||
| CVE-2000-0155 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2008-09-10 | 7.2 HIGH | N/A |
| Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. | |||||
| CVE-2000-0380 | 1 Cisco | 1 Ios | 2008-09-10 | 7.1 HIGH | N/A |
| The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. | |||||
| CVE-2002-1401 | 1 Postgresql | 1 Postgresql | 2008-09-10 | 6.5 MEDIUM | N/A |
| Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow. | |||||
| CVE-2004-0637 | 1 Oracle | 2 Oracle8i, Oracle9i | 2008-09-10 | 6.5 MEDIUM | N/A |
| Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible. | |||||
| CVE-2007-2975 | 1 Ignite Realtime | 1 Openfire | 2008-09-10 | 7.5 HIGH | N/A |
| The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader. | |||||
| CVE-2008-3440 | 1 Sun | 1 Java | 2008-09-10 | 7.5 HIGH | N/A |
| Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-1999-0821 | 1 Freebsd | 1 Freebsd | 2008-09-09 | 4.6 MEDIUM | N/A |
| FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument. | |||||
| CVE-1999-0822 | 1 Qualcomm | 1 Qpopper | 2008-09-09 | 10.0 HIGH | N/A |
| Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command. | |||||
| CVE-1999-0823 | 1 Freebsd | 1 Freebsd | 2008-09-09 | 4.6 MEDIUM | N/A |
| Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument. | |||||
| CVE-1999-0824 | 1 Microsoft | 1 Windows Nt | 2008-09-09 | 4.6 MEDIUM | N/A |
| A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. | |||||