Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-0565 | | | 2025-04-03 | 10.0 HIGH | N/A | A Sendmail alias allows input to be piped to a program. |
| CVE-2002-1095 | 1 Cisco | 3 Secure Access Control Server, Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set. |
| CVE-2004-2295 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter. |
| CVE-2002-1313 | 1 Nullmailer | 1 Nullmailer | 2025-04-03 | 2.1 LOW | N/A | nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users. |
| CVE-2004-1794 | 1 Vcard4j | 1 Vcard4j | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows remote attackers to inject arbitrary web script or HTML via the NICKNAME tag in a vCard. |
| CVE-1999-1423 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A | ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i. |
| CVE-2006-0912 | 1 Oreka | 1 Oreka | 2025-04-03 | 5.0 MEDIUM | N/A | Oreka before 0.5 allows remote attackers to cause a denial of service (application crash) via a "certain RTP sequence." |
| CVE-2002-0959 | 1 Splatt | 1 Splatt Forum | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script. |
| CVE-1999-1211 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local users to gain root privileges. |
| CVE-2002-0506 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt. |
| CVE-2006-1349 | 1 Musicbox | 1 Musicbox | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php. |
| CVE-2006-4044 | 1 Brad Fears | 1 Phpcodecabinet | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter. |
| CVE-2006-2438 | 1 Caucho Technology | 1 Resin | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the parameter is invalid. |
| CVE-2004-0312 | 1 Linksys | 1 Wap55ag | 2025-04-03 | 6.4 MEDIUM | N/A | Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write community strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2. |
| CVE-2001-1516 | 1 Hans Wolters | 1 Phpreview | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews. |
| CVE-2006-4638 | 1 Acgv News | 1 Acgv News | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in article.php in ACGV News 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter. |
| CVE-2001-0267 | 1 Hp | 1 Mpe Ix | 2025-04-03 | 7.2 HIGH | N/A | NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges. |
| CVE-2005-0794 | 1 Zpanel | 1 Zpanel | 2025-04-03 | 6.4 MEDIUM | N/A | ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scripts after they have been used, which allows remote attackers to reinstall the software and possibly cause a denial of service via a direct request to install.php. |
| CVE-1999-1534 | 1 Knox Software | 1 Arkeia | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia backup product allows local users to obtain root access via a long HOME environmental variable. |
| CVE-2000-0793 | 2 Novell, Symantec | 2 Client, Norton Antivirus | 2025-04-03 | 10.0 HIGH | N/A | Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system. |
| CVE-2003-0620 | 1 Andries Brouwer | 1 Man | 2025-04-03 | 4.6 MEDIUM | N/A | Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable. |
| CVE-2002-0173 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges. |
| CVE-1999-0460 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service. |
| CVE-2001-0261 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 2.1 LOW | N/A | Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files. |
| CVE-2006-1036 | 1 Oracle | 1 Diagnostics | 2025-04-03 | 7.5 HIGH | N/A | Multiple unspecified vulnerabilities in the Oracle Diagnostics module 2.2 and earlier have unknown impact and attack vectors, related to "permissions." |
| CVE-2003-1139 | 1 Musicqueue | 1 Musicqueue | 2025-04-03 | 5.0 MEDIUM | N/A | Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file. |
| CVE-2002-1673 | 1 Webmin | 1 Webmin | 2025-04-03 | 3.6 LOW | N/A | The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file. |
| CVE-2002-2221 | 1 Chetcpasswd | 1 Chetcpasswd | 2025-04-03 | 6.2 MEDIUM | N/A | Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639. |
| CVE-2002-2056 | 1 Teekai | 1 Teekai Forum | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows remote attackers to inject arbitrary web script or HTML via the valid_username_online cookie. |
| CVE-2003-1188 | 1 Unichat | 1 Unichat | 2025-04-03 | 5.0 MEDIUM | N/A | Unichat allows remote attackers to cause a denial of service (crash) by adding extra chat characters (avatars) and logging in to a chat room, as demonstrated using duplicate ACTOR entries in u2res000.rit. |
| CVE-2006-2332 | 1 Mozilla | 1 Firefox | 2025-04-03 | 2.6 LOW | N/A | Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash. |
| CVE-2006-0329 | 1 Hitachi | 1 Hitsenser Data Mart Server | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS-M, BS-L, and EX allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. |
| CVE-2004-0065 | 1 Phpgedview | 1 Phpgedview | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php. |
| CVE-2004-1229 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410. |
| CVE-2006-1784 | 1 Sphider | 1 Sphider | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. |
| CVE-2004-2435 | 1 Peoplesoft | 1 Hrms | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts. |
| CVE-2002-1694 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running. |
| CVE-2000-0064 | 1 Nortel | 1 Contivity | 2025-04-03 | 5.0 MEDIUM | N/A | cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. |
| CVE-2001-0700 | 1 W3m | 1 W3m | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header. |
| CVE-2005-3677 | 1 Realnetworks | 1 Realplayer | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different. |