Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2000-1113 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability. |
| CVE-2005-2081 | 1 Digium | 1 Asterisk | 2025-04-03 | 5.0 MEDIUM | N/A | Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character. |
| CVE-2001-1310 | 1 Ibm | 1 Secureway Directory | 2025-04-03 | 7.5 HIGH | N/A | IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite. |
| CVE-2002-0893 | 1 New Atlanta Communications | 1 Servletexec Isapi | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing "..%5c" (modified dot-dot) sequences. |
| CVE-2004-2671 | 1 Endonesia | 1 Endonesia | 2025-04-03 | 5.0 MEDIUM | N/A | mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages, as demonstrated by the (1) mod and (2) cid parameters. |
| CVE-2003-0317 | 1 Iisprotect | 1 Iisprotect | 2025-04-03 | 7.5 HIGH | N/A | iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters. |
| CVE-2005-3053 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument. |
| CVE-2001-0292 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A | PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator. |
| CVE-2002-1272 | 1 Alcatel | 1 Aos | 2025-04-03 | 10.0 HIGH | N/A | Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges. |
| CVE-2005-4013 | 1 Php Web | 1 Statistik | 2025-04-03 | 5.0 MEDIUM | N/A | PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file. |
| CVE-2004-2673 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | 9.0 HIGH | N/A | Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument. |
| CVE-2003-0290 | 1 Etype | 1 Eserv | 2025-04-03 | 5.0 MEDIUM | N/A | Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated. |
| CVE-2002-1067 | 1 Seh | 1 Ic9 Pocket Print Server Firmware | 2025-04-03 | 5.0 MEDIUM | N/A | Administrative web interface for IC9 Pocket Print Server Firmware 7.1.30 and 7.1.36f allows remote attackers to cause a denial of service (reboot and reset) via a long password, possibly due to a buffer overflow. |
| CVE-2005-3327 | 1 Network Appliance | 1 Data Ontap | 2025-04-03 | 7.5 HIGH | N/A | Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators to bypass iSCSI authentication via a modified client that skips the Security (Start) mode, as required by the Login Negotiation protocol, and uses Operational mode without proving identity. |
| CVE-2004-1426 | 1 Korweblog | 1 Korweblog | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng parameter. |
| CVE-2002-2128 | 1 W-agora | 1 W-agora | 2025-04-03 | 4.6 MEDIUM | N/A | editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter. |
| CVE-2006-4212 | 1 B0zz And Chris Vincent | 1 Owl Intranet Engine | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2006-1362 | 1 Mini-nuke | 1 Mini-nuke Cms | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, the (2) catid parameter in (b) articles.asp and (c) programs.asp, and the (3) id parameter in (d) hpages.asp and (e) forum.asp. NOTE: The pages.asp/id vector is already covered by CVE-2006-0870. |
| CVE-2006-1224 | 1 Guppy | 1 Guppy | 2025-04-03 | 2.6 LOW | N/A | Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter. |
| CVE-2002-0589 | 1 Steve Korbett | 1 Pvote | 2025-04-03 | 7.5 HIGH | N/A | PVote before 1.9 allows remote attackers to change the administrative password and gain privileges by directly calling ch_info.php with the newpass and confirm parameters both set to the new password. |
| CVE-2006-2258 | 1 Maxxcode | 1 Maxxschedule | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter. |
| CVE-1999-0507 | | | 2025-04-03 | 7.5 HIGH | N/A | An account on a router, firewall, or other network device has a guessable password. |
| CVE-2006-1203 | 1 Txtforum | 1 Txtforum | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to login.php, and possibly other parameters to other PHP scripts, related to include statements in common.php. |
| CVE-1999-0869 | 2 Microsoft, Netscape | 2 Internet Explorer, Navigator | 2025-04-03 | 2.6 LOW | N/A | Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing. |
| CVE-2006-3932 | 1 Gonafish | 1 Linkscaffe | 2025-04-03 | 5.1 MEDIUM | N/A | SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2001-0090 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A | The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability. |
| CVE-2003-1303 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header. |
| CVE-2006-3943 | 1 Microsoft | 1 Ie | 2025-04-03 | 2.6 LOW | N/A | Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties. |
| CVE-2006-1343 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory. |
| CVE-1999-1354 | 1 Softarc | 1 Firstclass Internet Server | 2025-04-03 | 4.6 MEDIUM | N/A | E-mail client in Softarc FirstClass Internet Server 5.506 and earlier stores usernames and passwords in cleartext in the files (1) home.fc for version 5.506, (2) network.fc for version 3.5, or (3) FCCLIENT.LOG when logging is enabled. |
| CVE-2000-0004 | 1 Zbsoft | 1 Zbserver | 2025-04-03 | 5.0 MEDIUM | N/A | ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL. |
| CVE-2005-3445 | 1 Oracle | 2 Application Server, Database Server | 2025-04-03 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to 10.1.2.0 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB30 and AS03 or (2) DB31 and AS05. |
| CVE-2000-0318 | 1 Atrium Software | 1 Mercur Mailserver | 2025-04-03 | 7.5 HIGH | N/A | Atrium Mercur Mail Server 3.2 allows local attackers to read other user's email and create arbitrary files via a dot dot (..) attack. |
| CVE-2004-0172 | 1 Juan Cespedes | 1 Ltrace | 2025-04-03 | 7.2 HIGH | N/A | Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed. |
| CVE-2000-1239 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-03 | 9.0 HIGH | N/A | The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files. |
| CVE-2006-4860 | 1 Limbo Cms | 1 Limbo Cms | 2025-04-03 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php, (6) treecomp.inc.php, (7) forum.html.php, (8) forum.php, (9) antihack.php, (10) content.php, (11) initglobals.php, and (12) imanager.php in Limbo (aka Lite Mambo) CMS 1.0.4.2 before 20060311 have unknown impact and attack vectors. |
| CVE-2006-1238 | 1 Dsportal | 1 Dslogin | 2025-04-03 | 5.1 MEDIUM | N/A | SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php. |
| CVE-2001-0746 | 1 Iplanet | 1 Iplanet Web Server | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods. |
| CVE-2006-3372 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A | Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference. |
| CVE-2006-1672 | 1 Cisco | 5 Ons 15310-cl Series, Ons 15454 Mspp, Ons 15600 and 2 more | 2025-04-03 | 7.5 HIGH | N/A | The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049. |