Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4532 | 1 Scponly | 1 Scponly | 2025-04-03 | 7.2 HIGH | N/A |
scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LD_PRELOAD to modify expected function calls in the setuid application.
| CVE-2006-2109 | 1 Jsboard | 1 Jsboard | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php.
| CVE-2005-4344 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 2.1 LOW | N/A |
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.
| CVE-2002-1153 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".
| CVE-2005-1715 | 1 Ej3 | 1 Topo | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section.
| CVE-2004-0194 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data.
| CVE-2006-1273 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.8 HIGH | N/A |
Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that "It is likely the reporter was running the IE Tab extension," and Mozilla also confirmed that this is not an issue in Firefox itself.
| CVE-2001-0108 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2025-04-03 | 5.0 MEDIUM | N/A |
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| CVE-2004-0968 | 2 Gnu, Redhat | 3 Glibc, Enterprise Linux, Enterprise Linux Desktop | 2025-04-03 | 2.1 LOW | N/A |
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
| CVE-2000-0240 | 1 Vqsoft | 1 Vqserver | 2025-04-03 | 5.0 MEDIUM | N/A |
vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack.
| CVE-2005-2461 | 1 Kayako | 1 Liveresponse | 2025-04-03 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.
| CVE-2006-4292 | 1 Niels Provos | 1 Honeyd | 2025-04-03 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets.
| CVE-2006-3613 | 1 Chamberland Technology | 1 Ezwaiter Online | 2025-04-03 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka "Who is this item for?") and (2) special (aka "Special Instructions") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php.
| CVE-2005-2057 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php.
| CVE-2006-3334 | 1 Greg Roelofs | 1 Libpng | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".
| CVE-2001-1073 | 1 Webridge | 1 Px Application Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR.
| CVE-2006-4546 | 1 Lyris | 1 List Manager | 2025-04-03 | 6.5 MEDIUM | N/A |
Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter.
| CVE-2005-1565 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history.
| CVE-1999-0431 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service.
| CVE-2004-2516 | 1 Myserver | 1 Myserver | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in myServer 0.7 allows remote attackers to list arbitrary directories via an HTTP GET command with a large number of "./" sequences followed by "../" sequences.
| CVE-2005-3705 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.
| CVE-2002-2207 | 1 Eric Rescorla | 1 Ssldump | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret.
| CVE-2005-3034 | 1 Compuware | 1 Driverstudio | 2025-04-03 | 7.5 HIGH | N/A |
Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to bypass authentication via a null session.
| CVE-2006-1194 | 1 Enet | 1 Enet Library | 2025-04-03 | 5.0 MEDIUM | N/A |
Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access.
| CVE-2002-1536 | 1 Hans Persson | 1 Molly | 2025-04-03 | 7.5 HIGH | N/A |
Molly IRC bot 0.5 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $host variable for nslookup.pl, (2) the $to, $from, or $message variables in pop.pl, (3) the $words or $text variables in sms.pl, or (4) the $server or $printer variables in hpled.pl.
| CVE-2004-1030 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2025-04-03 | 2.1 LOW | N/A |
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message.
| CVE-2005-1243 | 1 Safestone Technologies | 1 Axcessit | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
| CVE-2001-0392 | 1 Navision | 1 Financials Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash.
| CVE-1999-1221 | 1 Digital | 1 Unix | 2025-04-03 | 2.1 LOW | N/A |
dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file.
| CVE-2006-4474 | 1 Joomla | 1 Joomla | 2025-04-03 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search.
| CVE-2005-0419 | 1 3com | 1 3cserver | 2025-04-03 | 7.5 HIGH | N/A |
Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command.
| CVE-2002-1652 | 1 Mit | 1 Cgiemail | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.
| CVE-2005-2381 | 1 Php Surveyor | 1 Php Surveyor | 2025-04-03 | 5.0 MEDIUM | N/A |
PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1) question.php, (2) survey.php, or (3) group.php in the root directory, a direct request to (4) database.php, (5) sessioncontrol.php, (6) html.php, (7) sessioncontrol.php, an invalid (8) qid parameter to dumpquestion.php, or an invalid lid parameter to (9) labels.php or (10) dumplabel.php, which reveal the path in an error message.
| CVE-2006-4359 | 1 Trident Software | 1 Powerzip | 2025-04-03 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename.
| CVE-2005-3296 | 1 Hp | 1 Hp-ux | 2025-04-03 | 10.0 HIGH | N/A |
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
| CVE-2005-3320 | 1 Siteturn | 1 Domain Manager Pro | 2025-04-03 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script.
| CVE-2004-1540 | 1 Zyxel | 2 Prestige, Zynos | 2025-04-03 | 5.0 MEDIUM | N/A |
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file.
| CVE-1999-1443 | 1 Micah Software | 1 Full Armor | 2025-04-03 | 4.6 MEDIUM | N/A |
Micah Software Full Armor Network Configurator and Zero Administration allow local users with physical access to bypass the desktop protection by (1) using <CTRL><ALT><DEL> and kill the process using the task manager, (2) booting the system from a separate disk, or (3) interrupting certain processes that execute while the system is booting.
| CVE-2006-1061 | 1 Daniel Stenberg | 1 Curl | 2025-04-03 | 7.5 HIGH | N/A |
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
| CVE-2005-2639 | 1 Valusoft | 1 Chris Moneymakers World Poker Championship | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname.