Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1593 | 1 Codethat | 1 Shoppingcart | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||
| CVE-2005-4683 | 1 Padl Software | 1 Migrationtools | 2025-04-03 | 2.1 LOW | N/A |
|
PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.
|
|||||
| CVE-2002-1787 | 1 Sgi | 1 Irix | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through 6.5.17 allows local users to execute arbitrary code via unknown attack vectors.
|
|||||
| CVE-2002-2121 | 1 Surfcontrol | 1 Superscout Email Filter | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote attackers to cause a denial of service (crash) via a long SMTP (1) HELO or (2) RCPT TO command, possibly due to a buffer overflow.
|
|||||
| CVE-2000-0760 | 1 Apache | 1 Tomcat | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
|
|||||
| CVE-1999-0134 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
vold in Solaris 2.x allows local users to gain root access.
|
|||||
| CVE-2005-0625 | 1 Debian | 1 Reportbug | 2025-04-03 | 2.1 LOW | N/A |
|
reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd.
|
|||||
| CVE-2005-0608 | 1 Webmod | 1 Webmod | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a POST request with a Content-Length that is less than the amount of data that is actually sent.
|
|||||
| CVE-2006-0891 | 1 Nocc | 1 Nocc | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_theme'] parameter in (a) html/footer.php; and (2) the lang and (3) theme parameters and the (4) Accept-Language HTTP header field, when force_default_lang is disabled, in (b) index.php, as demonstrated by injecting PHP code into a profile and accessing it using the lang parameter in index.php.
|
|||||
| CVE-2005-0522 | 1 Lionmax Software | 1 Chat Anywhere | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges.
|
|||||
| CVE-2002-2021 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
|||||
| CVE-2002-1336 | 1 Tightvnc | 1 Tightvnc | 2025-04-03 | 7.5 HIGH | N/A |
|
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
|
|||||
| CVE-2002-1167 | 1 Ibm | 1 Websphere Caching Proxy Server | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
|
|||||
| CVE-2006-1850 | 1 Skymarx Solutions | 1 Xflow | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi.
|
|||||
| CVE-2002-0027 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
|
|||||
| CVE-2006-3202 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 4.9 MEDIUM | N/A |
|
The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket.
|
|||||
| CVE-2006-4992 | 1 Joomla | 1 Jd-wordpress | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.
|
|||||
| CVE-2004-0428 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact.
|
|||||
| CVE-2006-4770 | 1 Miniportal | 1 Miniportal | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter.
|
|||||
| CVE-2001-0975 | 1 Oracle | 1 Internet Directory | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
|
|||||
| CVE-2006-4953 | 1 Neosys | 1 Neon Webmail | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in the (b) maillist servlet.
|
|||||
| CVE-2005-1094 | 1 Network-client.com | 1 Ftp Now | 2025-04-03 | 4.6 MEDIUM | N/A |
|
FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.
|
|||||
| CVE-2006-0345 | 1 Saral Kaushik | 1 Saralblog | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058.
|
|||||
| CVE-2006-4382 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie.
|
|||||
| CVE-2001-1156 | 1 Typsoft | 1 Typsoft Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.
|
|||||
| CVE-1999-1417 | 1 Inso | 1 Answerbook2 | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via encoded % characters in an HTTP request, which is improperly logged.
|
|||||
| CVE-2006-1418 | 1 Caloris Planitia Technologies | 1 E-school Management System | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
|
|||||
| CVE-2006-0611 | 1 Atmail | 1 Atmail | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter.
|
|||||
| CVE-2001-0634 | 1 Sun | 1 Chilisoft | 2025-04-03 | 7.2 HIGH | N/A |
|
Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.
|
|||||
| CVE-2004-0317 | 1 Platform | 1 Lsf | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x allows local users or remote attackers within the LSF cluster to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long LSF_From_PC parameter.
|
|||||
| CVE-2006-0013 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
|
|||||
| CVE-2006-4233 | 1 Globus | 1 Globus Toolkit | 2025-04-03 | 3.6 LOW | N/A |
|
Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.
|
|||||
| CVE-2005-0422 | 1 Delphiturk | 1 Codebank | 2025-04-03 | 2.1 LOW | N/A |
|
DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges.
|
|||||
| CVE-2001-1083 | 1 Icecast | 1 Icecast | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).
|
|||||
| CVE-2000-0224 | 1 Sco | 1 Unixware | 2025-04-03 | 1.2 LOW | N/A |
|
ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.
|
|||||
| CVE-2002-0288 | 1 Bbshareware.com | 1 Phusion Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request.
|
|||||
| CVE-2003-0092 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.
|
|||||
| CVE-2002-1766 | 1 Netscape | 1 Communicator | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.
|
|||||
| CVE-1999-1371 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument.
|
|||||
| CVE-2005-0446 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.
|
|||||