Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-3883 | 1 Gonafish | 1 Linkscaffe | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksCaffe 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the tablewidth parameter in (a) counter.php; (2) the newdays parameter in (b) links.php; and the (3) tableborder, (4) menucolor, (5) textcolor, and (6) bodycolor parameters in (c) menu.inc.php. |
| CVE-2006-1196 | 1 David Barrett | 1 Qwikiwiki | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php. |
| CVE-2005-3262 | 1 Rarlab | 1 Winrar | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename. |
| CVE-2006-0919 | 1 Oi | 1 Email Marketing System | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. |
| CVE-2000-0072 | 1 Computer Power Solutions | 1 Visual Casel | 2025-04-03 | 4.6 MEDIUM | N/A | Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges. |
| CVE-2000-0639 | 1 Sean Macguire | 1 Big Brother | 2025-04-03 | 7.5 HIGH | N/A | The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server. |
| CVE-1999-1231 | 1 Ssh | 1 Ssh2 | 2025-04-03 | 5.0 MEDIUM | N/A | ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server. |
| CVE-2006-0593 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php. |
| CVE-2006-2029 | 1 Simplog | 1 Simplog | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php. |
| CVE-2003-0062 | 1 Eset Software | 1 Nod32 Antivirus | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name. |
| CVE-2000-0312 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 7.2 HIGH | N/A | cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function. |
| CVE-2001-0890 | 1 Sane | 1 Sane | 2025-04-03 | 2.1 LOW | N/A | Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allow local users to modify files via a symlink attack on temporary files. |
| CVE-2004-0518 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors. |
| CVE-2006-3996 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | 6.5 MEDIUM | N/A | SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters. |
| CVE-2002-0779 | 1 Novell | 1 Bordermanager | 2025-04-03 | 5.0 MEDIUM | N/A | FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data. |
| CVE-2003-0547 | 2 Gnome, Redhat | 2 Gdm, Kdebase | 2025-04-03 | 2.1 LOW | N/A | GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. |
| CVE-2002-1110 | 1 Mantis | 1 Mantis | 2025-04-03 | 10.0 HIGH | N/A | Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allow remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php. |
| CVE-2006-3333 | 1 Phpoutsourcing | 1 Zorum | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be resultant from SQL injection. |
| CVE-2006-3230 | 1 Azureus Tracker | 1 Azureus Tracker | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Tracker 2.4.0.2 and earlier (Java BitTorrent Client Tracker) allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| CVE-2006-4439 | 1 Sun | 1 Solaris | 2025-04-03 | 3.6 LOW | N/A | pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871. |
| CVE-2003-1033 | 1 Sap | 1 Sap Db | 2025-04-03 | 7.2 HIGH | N/A | The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program. |
| CVE-2005-1559 | 1 Neteyes | 1 Nexusway | 2025-04-03 | 10.0 HIGH | N/A | The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi. |
| CVE-2000-1186 | 1 Phf | 1 Phf | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header. |
| CVE-2002-1071 | 1 Zyxel | 1 Prestige | 2025-04-03 | 5.0 MEDIUM | N/A | ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set. |
| CVE-2004-2381 | 1 Jetty | 1 Jetty Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause a denial of service (memory usage and application crash) via HTTP requests with a large Content-Length. |
| CVE-2002-1417 | 1 Novell | 2 Netware, Small Business Suite | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator. |
| CVE-1999-1553 | 1 Xcmail | 1 Xcmail | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote attackers to execute arbitrary commands via a long subject line. |
| CVE-1999-0302 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.5 HIGH | N/A | SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. |
| CVE-2000-1057 | 1 Hp | 1 Openview Network Node Manager | 2025-04-03 | 4.6 MEDIUM | N/A | Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allow local users to gain privileges, possibly via insecure permissions. |
| CVE-2000-0603 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 4.6 MEDIUM | N/A | Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability. |
| CVE-2004-1583 | 1 Tridcomm | 1 Tridcomm | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT. |
| CVE-2002-1686 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in lscfg of unknown versions of AIX has unknown impact. |
| CVE-2005-0779 | 1 Platinumftp | 1 Platinumftpserver | 2025-04-03 | 5.0 MEDIUM | N/A | PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username. |
| CVE-2005-2199 | 1 Skrypty | 1 Ppa Gallery | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable. |
| CVE-2005-2934 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A | Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors. |
| CVE-2004-1718 | 1 Pedestal Software | 1 Integrity Protection Driver | 2025-04-03 | 2.1 LOW | N/A | The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument. |
| CVE-2006-1323 | 1 Webtoolmaster Software | 1 Winhki | 2025-04-03 | 5.1 MEDIUM | N/A | Directory traversal vulnerability in WinHKI 1.6 and earlier allows user-assisted attackers to overwrite arbitrary files via a (1) RAR, (2) TAR, (3) ZIP, or (4) TAR.GZ archive with a file whose file name contains ".." sequences. |
| CVE-2002-0140 | 1 Dnrd | 1 Dnrd | 2025-04-03 | 7.5 HIGH | N/A | Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial of service and possibly execute arbitrary code via a long or malformed DNS reply, which is not handled properly by parse_query, get_objectname, and possibly other functions. |
| CVE-2006-3686 | 1 Hp | 1 Openvms | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash). |
| CVE-2003-0380 | 1 Atftpd | 1 Atftpd | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename. |