Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2001-1351 | 1 Namazu | 1 Namazu | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers. |
| CVE-2004-0655 | 1 Esearch | 1 Emerge Search Tool | 2025-04-03 | 7.2 HIGH | N/A | eupdatedb in esearch 0.6.1 and earlier allows local users to create arbitrary files via a symlink attack on the esearchdb.py.tmp temporary file. |
| CVE-2006-0745 | 5 Mandrakesoft, Redhat, Sun and 2 more | 6 Mandrake Linux, Fedora Core, Solaris and 3 more | 2025-04-03 | 7.2 HIGH | N/A | X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. |
| CVE-2006-4032 | 1 Cisco | 1 Callmanager Express | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. |
| CVE-2005-4081 | 1 Alisveristr | 1 Alisveristr E-commerce | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass authentication and possibly execute arbitrary SQL commands via the username and password parameters in (1) the user login and (2) administrator login pages. |
| CVE-2001-0283 | 1 Sun | 1 Sun Ftp | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT. |
| CVE-2000-0827 | 1 Mobius | 1 Documentdirect For The Internet | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the web authorization form of Mobius DocumentDirect for the Internet 1.2 allows remote attackers to cause a denial of service or execute arbitrary commands via a long username. |
| CVE-1999-0769 | 4 Caldera, Debian, Paul Vixie and 1 more | 4 Openlinux, Debian Linux, Vixie Cron and 1 more | 2025-04-03 | 7.2 HIGH | N/A | Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. |
| CVE-2003-1016 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2025-04-03 | 7.5 HIGH | N/A | Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use malformed quoting in MIME headers, parameters, and values, including (1) fields that should not be quoted, (2) duplicate quotes, or (3) missing leading or trailing quote characters, which may be interpreted differently by mail clients. |
| CVE-2006-3593 | 1 Cisco | 1 Unified Callmanager | 2025-04-03 | 4.0 MEDIUM | N/A | The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704. |
| CVE-2003-0650 | 1 Gamespy | 1 Arcade | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file. |
| CVE-2002-1366 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2025-04-03 | 6.2 MEDIUM | N/A | Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream. |
| CVE-2001-0192 | 1 Davide Libenzi | 1 Xmail | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions. |
| CVE-2006-3602 | 1 Farsinews | 1 Farsinews | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in jscripts/tiny_mce/tiny_mce_gzip.php in FarsiNews 3.0 BETA 1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the language parameter in the advanced theme. |
| CVE-2001-1416 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags. |
| CVE-2006-4158 | 1 Spaminator | 1 Spaminator | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| CVE-2006-3797 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies. |
| CVE-2005-1149 | 1 Acnews | 1 Acnews | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. |
| CVE-2004-0388 | 1 Oracle | 1 Mysql | 2025-04-03 | 2.1 LOW | N/A | The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2006-1229 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2001-1330 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument. |
| CVE-2002-0543 | 1 Aprelium Technologies | 1 Abyss Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request. |
| CVE-2006-1425 | 1 Phpmyfamily | 1 Phpmyfamily | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. |
| CVE-2003-0276 | 1 Pi3 | 1 Pi3web | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters. |
| CVE-2002-1306 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL. |
| CVE-2005-4303 | 1 Indexcor | 1 Ezdatabase | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter. |
| CVE-2004-0507 | 2 Ethereal Group, Sgi | 2 Ethereal, Propack | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| CVE-2005-3513 | 1 Vubb | 1 Vubb | 2025-04-03 | 5.0 MEDIUM | N/A | index.php in VUBB alpha rc1 allows remote attackers to obtain the installation path of the application via a viewforum action with the f parameter set to a single quote ('). |
| CVE-2003-0556 | 1 Polycom | 3 Mgc-100, Mgc-25, Mgc-50 | 2025-04-03 | 5.0 MEDIUM | N/A | Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester. |
| CVE-2003-1252 | 1 Kelli Shaver | 1 S8forum | 2025-04-03 | 7.5 HIGH | N/A | register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a "system($cmd)" E-mail address with a "any_name.php" username. |
| CVE-2002-2183 | 1 Phpshare | 1 Phpshare | 2025-04-03 | 7.5 HIGH | N/A | phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to include and execute arbitrary PHP scripts from remote servers. |
| CVE-1999-0774 | 1 Martin Stover | 1 Mars Nwe | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names. |
| CVE-2006-3393 | 1 Electronic Arts | 1 Nascar Racing | 2025-04-03 | 7.8 HIGH | N/A | Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket. |
| CVE-2004-1143 | 1 Gnu | 1 Mailman | 2025-04-03 | 7.5 HIGH | N/A | The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. |
| CVE-2005-2251 | 1 Secure Reality | 1 Phpsecurepages | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468. |
| CVE-2005-0357 | 2 Emc, Sun | 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software | 2025-04-03 | 7.5 HIGH | N/A | EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID. |
| CVE-2004-0029 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 4.6 MEDIUM | N/A | Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges. |
| CVE-2005-1997 | 1 Mcgallery | 1 Mcgallery | 2025-04-03 | 5.0 MEDIUM | N/A | show.php in McGallery 1.1 allows remote attackers to connect to arbitrary databases, or gain sensitive information by triggering an error, via a modified host parameter. |
| CVE-2003-0412 | 1 Sun | 1 One Application Server | 2025-04-03 | 5.0 MEDIUM | N/A | Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities. |
| CVE-2006-0546 | 1 Egeinternet | 1 Egeinternet | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter. NOTE: it is not clear whether this vulnerability is associated with an online service or application service provider. If so, then it should not be included in CVE. |