VYPR

CVEs

83,931 total · page 1679 of 1,679

  • CVE-2001-1238HigJul 16, 2001
    risk 0.51cvss 7.8epss 0.01

    Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the…

  • CVE-2001-1042HigJul 2, 2001
    risk 0.49cvss 7.5epss 0.03

    Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

  • CVE-2001-1043HigJul 1, 2001
    risk 0.49cvss 7.5epss 0.03

    ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

  • CVE-2001-1386HigJul 1, 2001
    risk 0.49cvss 7.5epss 0.03

    WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.

  • CVE-2001-0334HigJun 27, 2001
    risk 0.50cvss 7.5epss 0.15

    FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.

  • CVE-2001-0195HigMar 26, 2001
    risk 0.51cvss 7.8epss 0.00

    sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.

  • CVE-2001-0006HigFeb 12, 2001
    risk 0.49cvss 7.1epss 0.03

    The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex"…

  • CVE-2000-0497HigJun 8, 2000
    risk 0.49cvss 7.5epss 0.03

    IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

  • CVE-2000-0498HigJun 8, 2000
    risk 0.49cvss 7.5epss 0.02

    Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

  • CVE-2000-0499HigJun 8, 2000
    risk 0.49cvss 7.5epss 0.03

    The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

  • CVE-2000-0342HigApr 28, 2000
    risk 0.52cvss 7.5epss 0.03

    Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."

  • CVE-2000-0258HigApr 12, 2000
    risk 0.50cvss 7.5epss 0.20

    IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

  • CVE-1999-1127HigDec 31, 1999
    risk 0.50cvss 7.5epss 0.18

    Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.

  • CVE-1999-1549HigNov 16, 1999
    risk 0.51cvss 7.8epss 0.01

    Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.

  • CVE-1999-0468HigApr 9, 1999
    risk 0.54cvss 8.2epss 0.03

    Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.

  • CVE-1999-0632HigJan 1, 1999
    risk 0.48cvss 7.3epss 0.01

    The RPC portmapper service is running.

  • CVE-1999-1568HigJan 1, 1999
    risk 0.49cvss 7.5epss 0.02

    Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.

  • CVE-1999-0052HigNov 4, 1998
    risk 0.49cvss 7.5epss 0.02

    IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

  • CVE-1999-1152HigJun 3, 1998
    risk 0.49cvss 7.5epss 0.02

    Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack.

  • CVE-1999-0069HigApr 29, 1998
    risk 0.58cvss 8.4epss 0.01

    Solaris ufsrestore buffer overflow.

  • CVE-1999-0012HigFeb 6, 1998
    risk 0.47cvss 7.0epss 0.18

    Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

  • CVE-1999-0013HigJan 22, 1998
    risk 0.55cvss 8.4epss 0.01

    Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.

  • CVE-1999-0239HigJan 1, 1998
    risk 0.52cvss 7.5epss 0.07

    Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.

  • CVE-1999-0029HigJul 16, 1997
    risk 0.58cvss 8.4epss 0.01

    root privileges via buffer overflow in ordist command on SGI IRIX systems.

  • CVE-1999-0059HigJul 14, 1997
    risk 0.48cvss 7.3epss 0.02

    IRIX fam service allows an attacker to obtain a list of all files on the server.

  • CVE-1999-0036HigMay 26, 1997
    risk 0.58cvss 8.4epss 0.01

    IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.

  • CVE-1999-0039HigMay 6, 1997
    risk 0.52cvss 7.3epss 0.16

    webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.

  • CVE-1999-0038HigApr 26, 1997
    risk 0.58cvss 8.4epss 0.01

    Buffer overflow in xlock program allows local users to execute commands as root.

  • CVE-1999-0236HigJan 1, 1997
    risk 0.54cvss 7.5epss 0.26

    ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

  • CVE-1999-0022HigJul 3, 1996
    risk 0.51cvss 7.8epss 0.01

    Local user gains root privileges via buffer overflow in rdist, via expstr() function.

  • CVE-1999-0084HigMay 1, 1990
    risk 0.55cvss 8.4epss 0.00

    Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.