Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-1500 | 1 True North | 1 Internet Anywhere Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A | Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to cause a denial of service (crash) via (1) LIST, (2) TOP, or (3) UIDL commands using letters as arguments. |
| CVE-2004-1254 | 1 Rarlab | 1 Winrar | 2025-04-03 | 10.0 HIGH | N/A | WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow. |
| CVE-2005-0934 | 1 Wackowiki | 1 Wackowiki | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2004-1929 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. |
| CVE-2000-0838 | 1 Fastream | 1 Fur Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | Fastream FUR HTTP server 1.0b allows remote attackers to cause a denial of service via a long GET request. |
| CVE-2004-0672 | 1 Netegrity | 2 Identityminder, Policy Server | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allow remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter. |
| CVE-2004-1330 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username. |
| CVE-2004-1833 | 1 Borland Software | 1 Interbase | 2025-04-03 | 7.5 HIGH | N/A | The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges. |
| CVE-2006-3827 | 1 Kailash Nadh | 1 Boastmachine | 2025-04-03 | 6.5 MEDIUM | N/A | SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter. |
| CVE-2006-0708 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 9.3 HIGH | N/A | Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. |
| CVE-2005-4492 | 1 Starphire Technologies | 5 Sitesage, Sitesage-ee, Sitesage-le and 2 more | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the norelay_highlight_words parameter. |
| CVE-2003-1125 | 1 Sun | 1 One Directory Server | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt). |
| CVE-2000-0280 | 1 Realnetworks | 1 Realplayer | 2025-04-03 | 2.6 LOW | N/A | Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL. |
| CVE-2005-0444 | 1 Vmware | 1 Workstation | 2025-04-03 | 4.6 MEDIUM | N/A | VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code. |
| CVE-1999-0736 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A | The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| CVE-2003-0213 | 1 Poptop | 1 Pptp Server | 2025-04-03 | 7.5 HIGH | N/A | ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow. |
| CVE-2001-1162 | 2 Hp, Samba | 2 Cifs-9000 Server, Samba | 2025-04-03 | 10.0 HIGH | N/A | Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file. |
| CVE-2001-1111 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2025-04-03 | 4.6 MEDIUM | N/A | EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file. |
| CVE-1999-1431 | 1 Microsoft | 1 Zero Administration Kit | 2025-04-03 | 4.6 MEDIUM | N/A | ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory, and changing the name to that for an allowed application, such as Winword.exe. |
| CVE-2005-4138 | 1 Thwboard | 1 Thwboard Beta | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php. |
| CVE-2005-2637 | 1 Phpfreenews | 1 Phpfreenews | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php. |
| CVE-1999-1060 | 1 Tetrix | 1 Tetrinet | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by connecting to port 31457 from a host with a long DNS hostname. |
| CVE-1999-0841 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type. |
| CVE-2006-1667 | 1 Crafty Syntax Image Gallery | 1 Crafty Syntax Image Gallery | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php. |
| CVE-2002-0512 | 1 Caldera | 2 Openlinux Server, Openlinux Workstation | 2025-04-03 | 4.6 MEDIUM | N/A | startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries. |
| CVE-2006-2717 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2025-04-03 | 4.0 MEDIUM | N/A | Unspecified vulnerability in Secure Elements Class 5 AVR client and server (aka C5 EVM) before 2.8.1 allows authenticated attackers to overwrite arbitrary files (1) on a server during an update or (2) on a client via modified pathnames, possibly due to a directory traversal issue. |
| CVE-2006-1099 | 1 Logit | 1 Logit | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2001-0621 | 1 Cisco | 1 Content Services Switch 11000 | 2025-04-03 | 7.5 HIGH | N/A | The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. |
| CVE-2006-3177 | 1 Bible Portal Project | 1 Bible Portal Project | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The Bible Portal Project 2.12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the destination parameter. |
| CVE-2002-0262 | 1 Sybex | 1 E-trainer | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in netget for Sybex E-Trainer web server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| CVE-1999-0190 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access. |
| CVE-2006-0524 | 1 Ashwebstudio | 1 Ashnews | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2003-0394 | 1 Blnews | 1 Blnews | 2025-04-03 | 7.5 HIGH | N/A | objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site. |
| CVE-1999-0263 | 1 Sun | 1 Sunos | 2025-04-03 | 4.6 MEDIUM | N/A | Solaris SUNWadmap can be exploited to obtain root access. |
| CVE-2003-0607 | 1 Stanley T. Shebs | 1 Xconq | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in xconq 7.4.1 allows local users to become part of the "games" group via the (1) USER or (2) DISPLAY environment variables. |
| CVE-2005-4653 | 1 Al-caricatier | 1 Al-caricatier | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument. |
| CVE-2006-1182 | 1 Adobe | 2 Document Server, Graphics Server | 2025-04-03 | 2.6 LOW | N/A | Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allow local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent or (2) saveOptimized ADS commands, or the (3) loadContent command. |
| CVE-2004-0661 | 1 D-link | 3 Di-604, Di-614+, Di-624 | 2025-04-03 | 5.0 MEDIUM | N/A | Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. |
| CVE-2005-4580 | 1 Day | 1 Communique | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search. |
| CVE-2002-0301 | 1 Citrix | 1 Nfuse | 2025-04-03 | 5.0 MEDIUM | N/A | Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters. |