Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-0151 | 1 Xintercepttalk | 1 Xitalk | 2025-04-03 | 7.2 HIGH | N/A | Unknown vulnerability in xitalk 1.1.11 and earlier allows local users to execute arbitrary commands. |
| CVE-2005-4672 | 1 Citypost | 1 Simple Image Editor | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter. |
| CVE-2006-2086 | 1 Juniper | 1 Junipersetup Control | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter. |
| CVE-1999-0407 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 10.0 HIGH | N/A | By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. |
| CVE-2005-1222 | 1 Netref | 1 Netref | 2025-04-03 | 7.5 HIGH | N/A | cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php. |
| CVE-2004-0673 | 1 Simm-comm | 1 Sci Photo Chat | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message. |
| CVE-2006-1339 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the archive parameter in an HTTP POST or COOKIE request, which bypasses a sanity check that is only applied to a GET request. |
| CVE-2002-1724 | 1 Onlinetools.org | 1 Phpimageview | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPImageView 1.0 allows remote attackers to execute arbitrary script as other users via the pic parameter. |
| CVE-2006-3852 | 1 Phptoys | 1 Micro Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment ("text") fields. |
| CVE-1999-0975 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A | The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed. |
| CVE-2005-1274 | 1 Mysql | 1 Maxdb | 2025-04-03 | 10.0 HIGH | N/A | Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter. |
| CVE-1999-0044 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A | fsdump command in IRIX allows local users to obtain root access by modifying sensitive files. |
| CVE-2004-1950 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A | phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses. |
| CVE-2005-1235 | 1 Phpbb Group | 1 Phpbb-auction | 2025-04-03 | 5.0 MEDIUM | N/A | auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message. |
| CVE-2004-0831 | 1 Mcafee | 1 Virusscan | 2025-04-03 | 7.2 HIGH | N/A | McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges. |
| CVE-2006-1490 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A | PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents. |
| CVE-2005-3945 | 1 Microsoft | 2 Windows 2000, Windows 2003 Server | 2025-04-03 | 7.8 HIGH | N/A | The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups. |
| CVE-2006-1960 | 1 Cisco | 1 Wireless Lan Solution Engine | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095. |
| CVE-2003-0906 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2025-04-03 | 7.6 HIGH | N/A | Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image. |
| CVE-2005-2175 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 5.0 MEDIUM | N/A | The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. |
| CVE-2006-1335 | 1 Gnome | 1 Screensaver | 2025-04-03 | 3.7 LOW | N/A | gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome. |
| CVE-2004-0586 | 1 Ibm | 1 Acprunner | 2025-04-03 | 10.0 HIGH | N/A | acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods. |
| CVE-2006-1134 | 1 Jason Smith | 1 Cyboards Php Lite | 2025-04-03 | 5.1 MEDIUM | N/A | SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2) process_post.php. |
| CVE-2005-0512 | 1 Mambo | 1 Mambo | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. |
| CVE-2006-3005 | 1 Gentoo | 2 Linux, Media-libs Jpeg | 2025-04-03 | 5.0 MEDIUM | N/A | The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. |
| CVE-2005-2320 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 7.5 HIGH | N/A | WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges. |
| CVE-2000-0730 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A | Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges. |
| CVE-2000-0291 | 1 Sun | 1 Staroffice | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in Star Office 5.1 allows attackers to cause a denial of service by embedding a long URL within a document. |
| CVE-2005-0855 | 1 Coolforum | 1 Coolforum | 2025-04-03 | 10.0 HIGH | N/A | CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message. |
| CVE-2005-1870 | 1 Popper | 1 Popper | 2025-04-03 | 5.0 MEDIUM | N/A | PHP remote file inclusion vulnerability in childwindow.inc.php in Popper 1.41-r2 and earlier allows remote attackers to execute arbitrary PHP code via the form parameter. |
| CVE-2000-0378 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A | The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in. |
| CVE-1999-0248 | 1 Ssh | 1 Ssh | 2025-04-03 | 10.0 HIGH | N/A | A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. |
| CVE-2002-0830 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.0 MEDIUM | N/A | Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop. |
| CVE-2006-2039 | 1 Ubertec | 1 Help Center Live | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-1999-0528 | | | 2025-04-03 | 7.5 HIGH | N/A | A router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of. |
| CVE-2003-0642 | 1 Watchguard | 1 Serverlock | 2025-04-03 | 2.1 LOW | N/A | WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \Device\PhysicalMemory. |
| CVE-1999-1442 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A | Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments. |
| CVE-2005-2561 | 1 Myfaq | 1 Myfaq | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3, the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.ph ... |
| CVE-2005-2507 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. |
| CVE-2000-0563 | 1 Apple | 1 Mac Os Runtime For Java | 2025-04-03 | 10.0 HIGH | N/A | The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model. |