Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2267 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.5 HIGH | N/A |
|
Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
|
|||||
| CVE-2004-0038 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-03 | 7.5 HIGH | N/A |
|
McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.
|
|||||
| CVE-2006-3156 | 1 Thinkfactory | 1 Ultimate Eshop | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter.
|
|||||
| CVE-1999-1313 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands.
|
|||||
| CVE-2002-0833 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string.
|
|||||
| CVE-2000-0702 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.
|
|||||
| CVE-2002-1593 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
|
|||||
| CVE-2002-2035 | 1 Realityscape | 1 Mylogin 2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password in the login form.
|
|||||
| CVE-2001-1466 | 1 Van Dyke Technologies | 1 Securecrt | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
|
|||||
| CVE-2000-0283 | 1 Sgi | 1 Irix | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.
|
|||||
| CVE-2006-2436 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 7.5 HIGH | N/A |
|
WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges.
|
|||||
| CVE-2004-0186 | 2 Linux, Samba | 2 Linux Kernel, Samba | 2025-04-03 | 7.2 HIGH | N/A |
|
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
|
|||||
| CVE-2005-0854 | 1 Betaparticle | 1 Betaparticle Blog | 2025-04-03 | 7.5 HIGH | N/A |
|
betaparticle blog (bp blog), possibly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp.
|
|||||
| CVE-2004-0303 | 1 Fools Workshop | 1 Owls Workshop | 2025-04-03 | 5.0 MEDIUM | N/A |
|
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
|
|||||
| CVE-2001-0956 | 1 Speechio | 1 Speechd | 2025-04-03 | 7.2 HIGH | N/A |
|
speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters.
|
|||||
| CVE-2002-0233 | 1 Eshare Communications Inc. | 1 Eshare Expressions | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
|
|||||
| CVE-2004-2506 | 1 Wikindx | 1 Wikindx | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file.
|
|||||
| CVE-2003-0984 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
|
|||||
| CVE-1999-0271 | | | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Progressive Networks Real Video server (pnserver) can be crashed remotely.
|
|||||
| CVE-2000-0745 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
|
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.
|
|||||
| CVE-2006-3833 | 1 Ej3 | 1 Topo | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite existing entries and establish new passwords for the overwritten entries via a URL with a modified entry ID.
|
|||||
| CVE-2004-0600 | 2 Samba, Trustix | 2 Samba, Secure Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
|
|||||
| CVE-2002-1546 | 1 Brs | 1 Webweaver | 2025-04-03 | 7.5 HIGH | N/A |
|
BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.
|
|||||
| CVE-1999-0850 | 1 Endymion | 1 Mailman Webmail | 2025-04-03 | 3.6 LOW | N/A |
|
The default permissions for Endymion MailMan allow local users to read email or modify files.
|
|||||
| CVE-2006-3060 | 1 Webexceluk | 1 P.a.i.d | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the "My Account" login page.
|
|||||
| CVE-2003-0280 | 1 Youngzsoft | 1 Cmailserver | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.
|
|||||
| CVE-1999-1123 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.
|
|||||
| CVE-2005-3351 | 1 Apache | 1 Spamassassin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.
|
|||||
| CVE-2002-2170 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 7.5 HIGH | N/A |
|
Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared.
|
|||||
| CVE-2004-1122 | 1 Apple | 1 Safari | 2025-04-03 | 7.5 HIGH | N/A |
|
Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.
|
|||||
| CVE-2005-0971 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.
|
|||||
| CVE-2004-2569 | 1 David Stes | 1 Ipmenu | 2025-04-03 | 2.1 LOW | N/A |
|
ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file.
|
|||||
| CVE-2006-2612 | 1 Novell | 1 Client | 2025-04-03 | 2.1 LOW | N/A |
|
Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt.
|
|||||
| CVE-2002-1580 | 1 Carnegie Mellon University | 1 Cyrus Imap Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.
|
|||||
| CVE-2002-1923 | 1 Oracle | 1 Mysql | 2025-04-03 | 7.5 HIGH | N/A |
|
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
|
|||||
| CVE-2004-1846 | 1 Expinion.net | 1 News Manager Lite | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.
|
|||||
| CVE-2002-0615 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 7.5 HIGH | N/A |
|
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
|
|||||
| CVE-2006-3270 | 1 Thorcms | 1 Thorcms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
|
|||||
| CVE-2001-0841 | 1 Ikonboard.com | 1 Ikonboard | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
|
|||||
| CVE-2004-2088 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
|
|||||