Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0092 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-03 | 6.2 MEDIUM | N/A |
|
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
|
|||||
| CVE-2000-0936 | 1 Samba | 1 Samba | 2025-04-03 | 2.1 LOW | N/A |
|
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
|
|||||
| CVE-2005-2541 | 1 Gnu | 1 Tar | 2025-04-03 | 10.0 HIGH | N/A |
|
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
|
|||||
| CVE-1999-1249 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.
|
|||||
| CVE-2005-2496 | 1 Dave Mills | 1 Ntpd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.
|
|||||
| CVE-2001-0476 | 1 Swsoft | 1 Aspseek | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl parameter.
|
|||||
| CVE-2002-2352 | 1 Neosoft | 1 Neobook | 2025-04-03 | 5.8 MEDIUM | N/A |
|
The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers to install and execute arbitrary programs.
|
|||||
| CVE-2001-0713 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.
|
|||||
| CVE-2005-1308 | 1 Inter7 | 1 Sqwebmail | 2025-04-03 | 7.5 HIGH | N/A |
|
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.
|
|||||
| CVE-2006-4838 | 1 Codeworx Technologies | 1 Dcp-portal | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php.
|
|||||
| CVE-2000-0391 | 3 Cygnus, Mit, Redhat | 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.
|
|||||
| CVE-2005-0967 | 1 Rob Flynn | 1 Gaim | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read.
|
|||||
| CVE-2004-0622 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
|
Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory.
|
|||||
| CVE-1999-0181 | 1 Rpc.walld | 1 Rpc.walld | 2025-04-03 | 6.8 MEDIUM | N/A |
|
The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands.
|
|||||
| CVE-1999-0831 | 4 Cobalt, Debian, Sun and 1 more | 6 Qube, Debian Linux, Cobalt Raq and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in Linux syslogd via a large number of connections.
|
|||||
| CVE-2005-3455 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in Application Install; (2) APPS02 and (3) APPS03 in Application Object Library; (4) APPS05 and (5) APPS06 in Applications Technology Stack; (6) APPS07 in Applications Utilities; (7) APPS09, (8) APPS10, and (9) APPS11 in HRMS; (10) APPS12 in Mobile Application Foundation; (11) APPS13 in SDP Number Portability; (12) AP ...
Show More |
|||||
| CVE-1999-1176 | 2 Aaron Ledbetter, Jidentd | 2 Cidentd, Jidentd | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in cidentd ident daemon allows local users to gain root privileges via a long line in the .authlie script.
|
|||||
| CVE-2006-2311 | 1 New Atlanta Communications | 2 Bluedragon Server, Bluedragon Server Jx | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page.
|
|||||
| CVE-2006-1420 | 1 Arabless | 1 Saphplesson | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in print.php in SaphpLesson 2.0 allows remote attackers to execute arbitrary SQL commands via the lessid parameter.
|
|||||
| CVE-1999-0132 | 2 Hp, Sun | 3 Hp-ux, Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.
|
|||||
| CVE-2005-3910 | 1 Post Affiliate Pro | 1 Post Affiliate Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability.
|
|||||
| CVE-2006-2210 | 1 321soft | 1 Php-gallery | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability.
|
|||||
| CVE-2005-1581 | 1 Eric Fichot | 1 Bug Report | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php.
|
|||||
| CVE-2002-0855 | 1 Gnu | 1 Mailman | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
|
|||||
| CVE-2000-0798 | 1 Sgi | 1 Irix | 2025-04-03 | 10.0 HIGH | N/A |
|
The truncate function in IRIX 6.x does not properly check for privileges when the file is in the xfs file system, which allows local users to delete the contents of arbitrary files.
|
|||||
| CVE-2003-0052 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.
|
|||||
| CVE-2001-1119 | 1 Ti Kan | 1 Xmcd | 2025-04-03 | 6.2 MEDIUM | N/A |
|
cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2005-0932 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the "forgotten password" feature, or (3) the domain name in a package order.
|
|||||
| CVE-2002-1245 | 1 Frank Mcingvale | 1 Luxman | 2025-04-03 | 7.2 HIGH | N/A |
|
Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.
|
|||||
| CVE-2003-0414 | 1 Sun | 1 One Application Server | 2025-04-03 | 7.2 HIGH | N/A |
|
The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile.
|
|||||
| CVE-2000-0333 | 2 Ethereal Group, Lbl | 2 Ethereal, Tcpdump | 2025-04-03 | 5.0 MEDIUM | N/A |
|
tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.
|
|||||
| CVE-2005-1135 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
|||||
| CVE-2002-0860 | 1 Microsoft | 2 Office Web Components, Project | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
|
|||||
| CVE-2006-4102 | 1 Falko Timme And Till Brehm | 1 Sqlitewebadmin | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the conf[classpath] parameter.
|
|||||
| CVE-2004-2379 | 1 Calacode | 1 At Mail Webmail System | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.
|
|||||
| CVE-2006-2963 | 1 It-direkt | 1 Cabacos Web Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext parameter.
|
|||||
| CVE-2006-0929 | 1 Argosoft | 1 Argosoft Mail Server | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the IMAP server in ArGoSoft Mail Server Pro 1.8.8.1 allows remote authenticated users to create arbitrary folders via a .. (dot dot) in the RENAME command.
|
|||||
| CVE-1999-1082 | 1 T. Hauck | 1 Jana Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to ready arbitrary files via a "......" (modified dot dot) attack.
|
|||||
| CVE-2003-0551 | 1 Redhat | 1 Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service.
|
|||||
| CVE-2004-0341 | 1 Texas Imperial Software | 1 Wftpd | 2025-04-03 | 2.1 LOW | N/A |
|
WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.
|
|||||