Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1108 | 1 Nmdeluxe | 1 Nmdeluxe | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2005-4338 | 1 Blackboard | 1 Academic Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".
|
|||||
| CVE-2001-0958 | 1 Trend Micro | 2 Interscan Emanager, Interscan Viruswall | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll.
|
|||||
| CVE-2005-2727 | 1 Ari Pikivirta | 1 Home Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Home Ftp Server 1.0.7 stores sensitive user information and server information in the same directory as the user's home directory, which allows remote authenticated users to obtain sensitive information by obtaining ftpmembers.lst and ftpsettings.lst.
|
|||||
| CVE-2006-3285 | 1 Cisco | 1 Wireless Control System | 2025-04-03 | 7.5 HIGH | N/A |
|
The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955).
|
|||||
| CVE-2002-0044 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Enscript, Linux | 2025-04-03 | 3.6 LOW | N/A |
|
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
|
|||||
| CVE-2004-0404 | 1 Psionic | 1 Logcheck | 2025-04-03 | 1.2 LOW | N/A |
|
logcheck before 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary directory in /var/tmp.
|
|||||
| CVE-2004-1360 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.
|
|||||
| CVE-2006-4440 | 1 Ay System Solutions | 1 Ay System Solutions Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter.
|
|||||
| CVE-2000-0440 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.
|
|||||
| CVE-2002-0821 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector.
|
|||||
| CVE-2005-0243 | 1 Yahoo | 1 Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.
|
|||||
| CVE-2005-4016 | 1 Widget Press | 1 Widget Property | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php.
|
|||||
| CVE-2001-0304 | 1 Caucho Technology | 1 Resin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request.
|
|||||
| CVE-1999-1337 | 1 Midnight Commander | 1 Midnight Commander | 2025-04-03 | 4.6 MEDIUM | N/A |
|
FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.
|
|||||
| CVE-2001-1434 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.
|
|||||
| CVE-2006-4230 | 1 Lizge | 1 Lizge Web Portal | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters.
|
|||||
| CVE-2004-1906 | 1 Mcafee | 1 Freescan | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow.
|
|||||
| CVE-2005-3163 | 1 Polipo | 1 Polipo | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root.
|
|||||
| CVE-2006-1971 | 1 Krankikom | 1 Contentboxx | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter.
|
|||||
| CVE-2001-1443 | 1 Kth | 1 Kth Kerberos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.
|
|||||
| CVE-2005-1584 | 1 Open Solution | 1 Quick.forum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.
|
|||||
| CVE-2000-0091 | 1 Inter7 | 1 Vpopmail | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
|
|||||
| CVE-2006-4184 | 1 Smartline | 1 Devicelock | 2025-04-03 | 4.9 MEDIUM | N/A |
|
SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information.
|
|||||
| CVE-2005-1442 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file.
|
|||||
| CVE-2002-0584 | 1 Workforceroi | 1 Xpede | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script, which is easily guessable because it is incremented by 1 for each new timesheet.
|
|||||
| CVE-2004-0604 | 2 Gentoo, Gift-fasttrack | 2 Linux, Gift-fasttrack | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference.
|
|||||
| CVE-2005-2849 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump.
|
|||||
| CVE-2006-4942 | 1 Moodle | 1 Moodle | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.
|
|||||
| CVE-2004-2319 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2025-04-03 | 3.6 LOW | N/A |
|
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
|
|||||
| CVE-2005-1739 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
|
|||||
| CVE-2005-0491 | 1 Knox Software | 1 Arkeia Server Backup | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.
|
|||||
| CVE-1999-0730 | 1 Debian | 1 Debian Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.
|
|||||
| CVE-2002-0356 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files.
|
|||||
| CVE-2001-1551 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs.
|
|||||
| CVE-1999-0723 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.1 HIGH | N/A |
|
The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.
|
|||||
| CVE-2006-0895 | 1 Nocc | 1 Nocc | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php.
|
|||||
| CVE-2005-3818 | 1 Vtiger | 1 Vtiger Crm | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.
|
|||||
| CVE-2000-0418 | 1 Cayman | 2 3220-h Dsl Router, Gatorsurf | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests.
|
|||||
| CVE-2002-2142 | 1 Bea | 2 Weblogic Integration, Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
|
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.
|
|||||