Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-0776 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 5.0 MEDIUM | N/A | adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos. |
| CVE-2004-1737 | 2 Gentoo, The Cacti Group | 2 Linux, Cacti | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. |
| CVE-2006-3752 | 1 Professional Home Page Tools | 1 Professional Home Page Tools Guestbook | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in class.php in Professional Home Page Tools Guestbook allow remote attackers to execute arbitrary SQL commands via the (1) hidemail, (2) name, (3) mail, (4) ip, or (5) text parameters. |
| CVE-2003-0989 | 1 Redhat | 2 Linux, Tcpdump | 2025-04-03 | 7.5 HIGH | N/A | tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057. |
| CVE-2005-1638 | 1 Pixel-apes Group | 1 Safehtml | 2025-04-03 | 4.3 MEDIUM | N/A | The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection. |
| CVE-2004-1445 | 1 Nessus | 1 Nessus | 2025-04-03 | 3.7 LOW | N/A | A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges. |
| CVE-2006-3102 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | 5.1 MEDIUM | N/A | Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory. |
| CVE-2004-2492 | 1 Hitachi | 1 Groupmax World Wide Web Desktop | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter. |
| CVE-2006-0338 | 1 F-secure | 4 F-secure Anti-virus, F-secure Internet Security, F-secure Personal Express and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned. |
| CVE-2002-2039 | 1 Qnx | 1 Rtos | 2025-04-03 | 2.1 LOW | N/A | /bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows local users to obtain sensitive information from core dump files by sending the SIGSERV (invalid memory reference) signal. |
| CVE-1999-0170 | 1 Digital | 1 Ultrix | 2025-04-03 | 7.5 HIGH | N/A | Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. |
| CVE-2000-0742 | 1 Microsoft | 2 Windows 95, Windows 98 | 2025-04-03 | 5.0 MEDIUM | N/A | The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability. |
| CVE-2005-1154 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 7.5 HIGH | N/A | Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution." |
| CVE-2004-2546 | 2 Samba, Trustix | 2 Samba, Secure Linux | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption). |
| CVE-2006-3807 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor. |
| CVE-2004-1769 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 10.0 HIGH | N/A | The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass. |
| CVE-2005-3176 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection. |
| CVE-2002-1323 | 5 Redhat, Safe.pm, Sco and 2 more | 9 Enterprise Linux, Linux Advanced Workstation, Safe.pm and 6 more | 2025-04-03 | 4.6 MEDIUM | N/A | Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. |
| CVE-2006-2005 | 1 Clansys | 1 Clansys | 2025-04-03 | 7.5 HIGH | N/A | Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection. |
| CVE-2005-4342 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 7.5 HIGH | N/A | ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." |
| CVE-2005-1289 | 1 E-cart | 1 E-cart | 2025-04-03 | 7.5 HIGH | N/A | index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters. |
| CVE-2004-0932 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2025-04-03 | 7.5 HIGH | N/A | McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. |
| CVE-2005-0540 | 1 Cyclades | 1 Alterpath Manager | 2025-04-03 | 5.0 MEDIUM | N/A | Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to obtain sensitive information via a direct request to the /about.html page. |
| CVE-2003-0296 | 1 Ximian | 1 Evolution | 2025-04-03 | 7.5 HIGH | N/A | The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors. |
| CVE-1999-1187 | 3 Freebsd, Slackware, University Of Washington | 3 Freebsd, Slackware Linux, Pine | 2025-04-03 | 4.6 MEDIUM | N/A | Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail. |
| CVE-2006-1381 | 1 Trend Micro | 1 Officescan | 2025-04-03 | 10.0 HIGH | N/A | Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe. |
| CVE-2005-3268 | 1 Raphael Bossek | 1 Yiff Server | 2025-04-03 | 2.1 LOW | N/A | yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files. |
| CVE-1999-1114 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges. |
| CVE-2005-1826 | 1 Hp | 1 Radia Client | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension. |
| CVE-2006-1643 | 1 Interact | 1 Interact | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party. |
| CVE-2000-0363 | 1 Suse | 1 Suse Linux | 2025-04-03 | 6.2 MEDIUM | N/A | Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory. |
| CVE-2005-2985 | 1 Aewebworks | 1 Aedating | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter. |
| CVE-2005-0919 | 1 Adventia | 2 Adventia Chat, Adventia Server Pro | 2025-04-03 | 4.3 MEDIUM | N/A | Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks. |
| CVE-2002-0694 | 1 Microsoft | 7 Windows 2000, Windows 2000 Terminal Services, Windows 98 and 4 more | 2025-04-03 | 7.5 HIGH | N/A | The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File." |
| CVE-2005-4364 | 1 Hot Banana | 1 Web Content Management Suite | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. |
| CVE-2005-4438 | 1 Dec2rar.dll | 1 Dec2rar.dll | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field. |
| CVE-2002-1886 | 1 Tightauction | 1 Tightauction | 2025-04-03 | 5.0 MEDIUM | N/A | TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password. |
| CVE-2002-0835 | 3 Caldera, Hp, Redhat | 4 Openlinux Server, Openlinux Workstation, Secure Os and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones. |
| CVE-2004-2524 | 1 Whm Autopilot | 1 Whm Autopilot | 2025-04-03 | 5.0 MEDIUM | N/A | clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form. |
| CVE-2005-3816 | 1 Zoneo-soft | 1 Freeforum | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode. |