Lucene search
+L

297 matches found

OSV
OSV
added 2003/02/19 5:0 a.m.11 views

CVE-2002-1348

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies...

6.2AI score
Exploits0References11
NVD
NVD
added 2002/12/31 5:0 a.m.18 views

CVE-2002-1800

phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password...

7.5CVSS7.7AI score0.01358EPSS
Exploits0References3
NVD
NVD
added 2002/12/31 5:0 a.m.12 views

CVE-2002-1874

astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect...

10CVSS7.7AI score0.03288EPSS
Exploits0References4
NVD
NVD
added 2002/12/18 5:0 a.m.16 views

CVE-2002-1338

The Load method in the Chart component of Office Web Components OWC 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files...

5CVSS6.5AI score0.23436EPSS
Exploits1References5
Exploit DB
Exploit DB
added 2002/11/18 12:0 a.m.62 views

TFTPD32 2.50 - Arbitrary File Download/Upload

source: https://www.securityfocus.com/bid/6198/info A vulnerability has been discovered in Tftpd32 which allows a remote attacker to download and upload arbitrary system files. The ability to upload system files may allow an attacker to replaced key system files with trojaned copies, used to open...

7.4AI score
Exploits0
NVD
NVD
added 2002/10/11 4:0 a.m.21 views

CVE-2002-1152

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing...

7.5CVSS6.6AI score0.01625EPSS
Exploits0References5
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.16 views

CVE-2002-0614

PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server...

6.5AI score0.02421EPSS
Exploits0References3
NVD
NVD
added 2002/03/08 5:0 a.m.19 views

CVE-2002-0067

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcpport 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions...

7.5CVSS6.7AI score0.03651EPSS
Exploits0References11
Packet Storm
Packet Storm
added 2001/12/09 12:0 a.m.35 views

kebi-webmail_vul.txt

kebi-Webmail Solution vulnerability Tested by secret e-mail: [email protected] Summary : Get webmail server's admin competence by remote attack in kebi-Webmail Solution. Platform: Attacker platform : All Operating Systems + Web browser Target platform: All kebi Webmail solution loading server ke...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2001/07/22 12:0 a.m.30 views

Sambar Server 4.4/5.0 - 'pagecount' File Overwrite

source: https://www.securityfocus.com/bid/3091/info Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. Sambar WWW Server is bundled with a sample script'pagecount' which creates temporary files on the host. However, it is possible for a remote attacker to craft ...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/05/04 12:0 a.m.44 views

Potential DOS Vulnerability in WFTPD

----- Begin Hush Signed Message from [email protected] ----- Potential DOS Vulnerability in WFTPD Overview WFTPD v3.00R5 is an ftp server available from http://www.wftpd.com and http://www.download.com. A potential denial-of-service vulnerability exists which allows a remote attacker to hang...

0.3AI score
Exploits0
NVD
NVD
added 2001/05/03 4:0 a.m.12 views

CVE-2001-0292

PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id UID and calling user.php with the saveuser operator...

7.5CVSS6.8AI score0.02378EPSS
Exploits1References1
security_vulns
security_vulns
added 2000/12/04 12:0 a.m.37 views

unsafe fgets() in qpopper

Topic: unix mailbox parsing trouble in qpopper Software affected: qpopper 3.0 fc2 and probably others Description: malicious user can remotely post message with spoofed or incorrect headers including "Received:" one and in some cases bypass virus checking. This can be used for sending trojans or ...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2000/09/04 12:0 a.m.44 views

Immunix OS 6.2 - LC glibc format string

/ source: https://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to the...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2000/02/04 5:0 a.m.28 views

CVE-2000-0086

Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing...

6.6AI score0.0137EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 1999/08/31 12:0 a.m.26 views

ProFTPD 1.2.0pre4 mkdir Command Directory Name Handling Remote Overflow

It was possible to crash the remote FTP server by creating a large number of nested directories and then trying to upload a file. This issue is known to affect ProFTPD, although other FTP servers may be affected as well. It is likely that a remote attacker can leverage this issue to execute...

10CVSS5.8AI score0.38054EPSS
Exploits0References2
NVD
NVD
added 1999/03/22 5:0 a.m.32 views

CVE-1999-0428

OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls...

7.5CVSS6.7AI score0.03234EPSS
Exploits0References1
Rows per page
Query Builder