Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0836 | 3 Hp, Mandrakesoft, Redhat | 3 Secure Os, Mandrake Linux, Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
|
|||||
| CVE-1999-0168 | 1 Sun | 1 Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.
|
|||||
| CVE-2004-0333 | 4 Gentoo, Openpkg, Uudeview and 1 more | 4 Linux, Openpkg, Uudeview and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.
|
|||||
| CVE-2003-1096 | 1 Cisco | 1 Leap | 2025-04-03 | 10.0 HIGH | N/A |
|
The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.
|
|||||
| CVE-2004-2621 | 1 Nortel | 1 Contivity | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.
|
|||||
| CVE-2004-0956 | 3 Oracle, Suse, Ubuntu | 3 Mysql, Suse Linux, Ubuntu Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.
|
|||||
| CVE-2005-1106 | 1 Apple | 1 Quicktime Pictureviewer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow.
|
|||||
| CVE-2004-2147 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body.
|
|||||
| CVE-2004-1098 | 3 Mandrakesoft, Roaring Penguin, Suse | 4 Mandrake Linux, Mandrake Linux Corporate Server, Mimedefang and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.
|
|||||
| CVE-2000-0255 | 1 Nbase-xyplex | 1 Edgeblaster | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program.
|
|||||
| CVE-1999-1115 | 1 Hp | 1 Apollo Domain Os | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).
|
|||||
| CVE-2004-1497 | 1 Minihttpserver.net | 1 Web Forums Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges.
|
|||||
| CVE-2005-2102 | 1 Rob Flynn | 1 Gaim | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters.
|
|||||
| CVE-2001-0282 | 1 Guido Frassetto | 1 Sedum | 2025-04-03 | 10.0 HIGH | N/A |
|
SEDUM 2.1 HTTP server allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
|
|||||
| CVE-2006-3935 | 1 Alkacon | 1 Opencms | 2025-04-03 | 6.5 MEDIUM | N/A |
|
system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) ...
Show More |
|||||
| CVE-2000-0587 | 1 Glftpd | 1 Glftpd | 2025-04-03 | 10.0 HIGH | N/A |
|
The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.
|
|||||
| CVE-2004-0825 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3.5 allows remote attackers to cause a denial of service (application deadlock) via a certain sequence of operations.
|
|||||
| CVE-2005-2204 | 1 Broadcom | 1 Etrust Siteminder | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.
|
|||||
| CVE-2005-1138 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages.
|
|||||
| CVE-2001-0962 | 1 Ibm | 2 Websphere Application Server, Websphere Commerce Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
|
|||||
| CVE-2001-1444 | 1 Kth | 1 Kth Kerberos | 2025-04-03 | 7.5 HIGH | N/A |
|
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
|
|||||
| CVE-2002-1814 | 4 Gnome, Mandrakesoft, Redhat and 1 more | 4 Bonobo, Mandrake Linux, Linux and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
|
|||||
| CVE-2001-0829 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.1 MEDIUM | N/A |
|
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
|
|||||
| CVE-2005-2953 | 1 Miva | 1 Miva Merchant | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter.
|
|||||
| CVE-2006-4200 | 1 Soft3304 | 1 04webserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in 04WebServer 1.83 and earlier allows remote attackers to bypass user authentication via unspecified vectors related to request processing.
|
|||||
| CVE-2002-0933 | 1 Datalex | 1 Bookit Consumer | 2025-04-03 | 7.5 HIGH | N/A |
|
Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords in plaintext in a cookie, which could allow remote attackers to gain privileges via Cross-site scripting or sniffing attacks.
|
|||||
| CVE-2006-2988 | 1 Chemical Dictionary | 1 Chemical Dictionary | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action.
|
|||||
| CVE-2005-1567 | 1 Directtopics | 1 Directtopics | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
|
|||||
| CVE-2002-0436 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
|
|||||
| CVE-2005-1961 | 1 Objectweb | 1 Consortium C-jdbc | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allows local users to bypass intended access restrictions and obtain the cache results from another user.
|
|||||
| CVE-2001-0299 | 1 Nokia | 1 Ip440 Firewall Vpn Appliance | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
|
|||||
| CVE-2006-2514 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | 7.5 HIGH | N/A |
|
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
|
|||||
| CVE-2004-0729 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message.
|
|||||
| CVE-2006-1101 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint.
|
|||||
| CVE-2006-2065 | 1 Phpsurveyor | 1 Phpsurveyor | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
|
|||||
| CVE-2006-0752 | 1 Niels Provos | 1 Honeyd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fragments that other IP stack implementations would drop, which allows remote attackers to identify IP addresses that are being simulated using honeyd.
|
|||||
| CVE-2001-0762 | 1 Su-wrapper | 1 Su-wrapper | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbitrary code via a long first argument.
|
|||||
| CVE-2002-0598 | 1 Foundstone | 1 Fscan | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote attackers to execute arbitrary code on the scanning system via format string specifiers in the server banner.
|
|||||
| CVE-2006-4362 | 1 Dieselscripts | 1 Diesel Paid Mail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter.
|
|||||
| CVE-2004-1504 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php.
|
|||||