Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-1987 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2025-04-03 | 7.5 HIGH | N/A | picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters. |
| CVE-2002-2132 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 2.1 LOW | N/A | Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes. |
| CVE-2004-0734 | 1 Extropia | 1 Extropia Webstore | 2025-04-03 | 7.5 HIGH | N/A | Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. |
| CVE-2005-1692 | 1 Xine | 1 Gxine | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers. |
| CVE-2004-1726 | 1 John Bradley | 1 Xv | 2025-04-03 | 7.5 HIGH | N/A | Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. |
| CVE-1999-0749 | 1 Microsoft | 2 Windows 95, Windows 98 | 2025-04-03 | 2.6 LOW | N/A | Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument. |
| CVE-2000-0987 | 1 Oracle | 2 Internet Directory, Oracle8i | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter. |
| CVE-2005-1646 | 1 Fastream | 1 Netfile Ftp Web Server | 2025-04-03 | 7.5 HIGH | N/A | The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service. |
| CVE-2000-0613 | 1 Cisco | 1 Pix Firewall | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections. |
| CVE-2001-0529 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.2 HIGH | N/A | OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack. |
| CVE-2006-1977 | 1 Flexbb | 1 Flexbb | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) message parameters. |
| CVE-2006-1446 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A | Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked. |
| CVE-2006-4918 | 1 Simple Discussion Board | 1 Simple Discussion Board | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php. |
| CVE-2005-1681 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php. |
| CVE-2004-2213 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request. |
| CVE-2005-2988 | 1 Hp | 1 Laserjet 2430 | 2025-04-03 | 5.0 MEDIUM | N/A | HP LaserJet 2430, and possibly other printers that use Jetdirect controls, stores information about recently printed documents without proper protection, which could allow remote attackers to obtain sensitive information via SNMP. |
| CVE-2004-2372 | 1 Bochs Project | 1 Bochs | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability. |
| CVE-2006-2478 | 1 Bitrix | 1 Bitrix Site Manager | 2025-04-03 | 5.0 MEDIUM | N/A | Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term. |
| CVE-2006-2843 | 1 Redaxo | 1 Redaxo | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php. |
| CVE-2006-3487 | 1 Virtuastore | 1 Virtuastore | 2025-04-03 | 5.0 MEDIUM | N/A | VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb. |
| CVE-2005-3089 | 1 Mozilla | 1 Firefox | 2025-04-03 | 2.6 LOW | N/A | Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability. |
| CVE-2003-1106 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A | The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute. |
| CVE-2005-3518 | 1 Punbb | 1 Punbb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter. |
| CVE-2006-0571 | 1 Hinton Design | 1 Phpstatus | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. |
| CVE-1999-0235 | 1 Ncsa | 1 Ncsa Web Server | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. |
| CVE-2003-0734 | 1 Padl Software | 1 Pam Ldap | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system. |
| CVE-2004-0833 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.5 HIGH | N/A | Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages. |
| CVE-2006-1456 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging. |
| CVE-2001-0670 | 4 Bsd, Freebsd, Netbsd and 1 more | 4 Bsd, Freebsd, Netbsd and 1 more | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue. |
| CVE-2006-2212 | 1 Karjasoft | 1 Sami Ftp Server | 2025-04-03 | 6.4 MEDIUM | N/A | Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command. |
| CVE-2001-1131 | 1 Whitsoft Development | 1 Slimftpd | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command. |
| CVE-2005-2263 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A | The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation. |
| CVE-2002-2072 | 1 Sun | 1 Jre | 2025-04-03 | 5.0 MEDIUM | N/A | java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument. |
| CVE-2001-0069 | 1 Debian | 1 Debian Linux | 2025-04-03 | 2.1 LOW | N/A | dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2004-2594 | 1 Id Software | 1 Quake Ii Server Windows | 2025-04-03 | 5.0 MEDIUM | N/A | Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg". |
| CVE-2005-4287 | 1 Marmaraweb | 1 Marmaraweb E-commerce | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute arbitrary code via the page parameter to index.php. |
| CVE-2004-1435 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via a large number of TCP connections with an invalid response instead of the final ACK (TCP-ACK). |
| CVE-2000-1080 | 2 Id Software, J. P. Grossman | 2 Quake, Proquake | 2025-04-03 | 5.0 MEDIUM | N/A | Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet. |
| CVE-2003-1275 | 1 Microsoft | 1 Pocket Ie | 2025-04-03 | 5.0 MEDIUM | N/A | Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function. |
| CVE-2006-0473 | 1 My Little Homepage | 1 My Little Weblog | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. |