Latest CVE Feed
-
7.5
HIGHCVE-2002-0010
Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter i... Read more
Affected Products : bugzilla- EPSS Score: %3.71
- Published: Jan. 31, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2001-1457
Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable.... Read more
Affected Products : crazywwwboard- EPSS Score: %6.03
- Published: Jan. 30, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-1999-1091
UNIX news readers tin and rtin create the /tmp/.tin_log file with insecure permissions and follow symlinks, which allows attackers to modify the permissions of files writable by the user via a symlink attack.... Read more
- EPSS Score: %0.52
- Published: Jan. 15, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-1999-1081
Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files.... Read more
Affected Products : web_server- EPSS Score: %1.77
- Published: Jan. 15, 2002
- Modified: Apr. 03, 2025
-
1.2
LOWCVE-2001-0887
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.... Read more
- EPSS Score: %0.08
- Published: Jan. 15, 2002
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-0077
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the pop... Read more
Affected Products : internet_explorer- EPSS Score: %8.14
- Published: Jan. 13, 2002
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2003-0061
Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable.... Read more
Affected Products : hp-ux- EPSS Score: %0.08
- Published: Jan. 11, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1596
Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (router crash) via an HTTP request with large headers.... Read more
Affected Products : sn_5420_storage_router_firmware- EPSS Score: %0.84
- Published: Jan. 09, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1595
Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization.... Read more
Affected Products : sn_5420_storage_router_firmware- EPSS Score: %0.39
- Published: Jan. 09, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1600
Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows remote attackers to overwrite arbitrary files via the category parameter.... Read more
Affected Products : my_classifieds- EPSS Score: %1.16
- Published: Jan. 09, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2002-1597
Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (halt) via a fragmented packet to the Gigabit interface.... Read more
Affected Products : sn_5420_storage_router_firmware- EPSS Score: %1.00
- Published: Jan. 09, 2002
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2002-1594
Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.... Read more
- EPSS Score: %0.14
- Published: Jan. 02, 2002
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2001-1511
JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".... Read more
Affected Products : jrun- EPSS Score: %0.59
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2001-1515
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.... Read more
Affected Products : windows_2000- EPSS Score: %0.78
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2001-1487
popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option.... Read more
Affected Products : qpopper- EPSS Score: %0.11
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2001-1554
IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets.... Read more
Affected Products : aix- EPSS Score: %0.79
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
6.4
MEDIUMCVE-2001-1568
CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.... Read more
Affected Products : wap_gateway- EPSS Score: %0.18
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2001-1491
Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.... Read more
Affected Products : opera_web_browser- EPSS Score: %4.72
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
7.8
HIGHCVE-2001-1546
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.... Read more
Affected Products : pathways_homecare- EPSS Score: %0.11
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2001-1537
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.... Read more
Affected Products : twig- EPSS Score: %0.20
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025