Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2001-1123 | 1 Hp | 1 Openview Network Node Manager | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID. |
| CVE-1999-0224 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service in Windows NT messenger service through a long username. |
| CVE-2005-1241 | 1 Powertech | 1 Powerlock Networksecurity | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. |
| CVE-2004-0975 | 3 Gentoo, Mandrakesoft, Openssl | 5 Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2025-04-03 | 2.1 LOW | N/A | The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. |
| CVE-2006-4134 | 1 Sap | 1 Internet Graphics Server | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. |
| CVE-2005-2232 | 1 Ibm | 1 Aix | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. |
| CVE-2002-0697 | 1 Microsoft | 1 Metadirectory Services | 2025-04-03 | 10.0 HIGH | N/A | Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials. |
| CVE-2006-0689 | 1 Scheduling Management.com | 1 Time Tracking Software | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. |
| CVE-2004-2447 | 1 1st Class Internet Solutions | 1 1st Class Mail Server | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz. |
| CVE-2003-1014 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2025-04-03 | 7.5 HIGH | N/A | Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use multiple MIME fields with the same name, which may be interpreted differently by mail clients. |
| CVE-2006-1673 | 1 Jelsoft | 1 Vbug Tracker | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter. |
| CVE-2004-1964 | 1 Freshmeat | 1 Network Query Tool | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter. |
| CVE-2006-3911 | 1 Php Live | 1 Php Live | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php. |
| CVE-1999-1103 | 1 Digital | 1 Osf 1 | 2025-04-03 | 4.6 MEDIUM | N/A | dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter. |
| CVE-2005-1616 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 7.5 HIGH | N/A | viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened. |
| CVE-2006-2658 | 2 Mono, Suse | 3 Xsp, Suse Linux, Suse Open Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request. |
| CVE-2005-0276 | 1 3com | 1 3cdaemon | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands. |
| CVE-2006-4857 | 1 Clicktech | 1 Clickblog | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters. |
| CVE-2005-4745 | 1 Freeradius | 1 Freeradius | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. |
| CVE-2006-3661 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2006-2531 | 1 Ipswitch | 1 Whatsup | 2025-04-03 | 7.5 HIGH | N/A | Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". |
| CVE-2006-0899 | 1 4images | 1 Image Gallery Management System | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter. |
| CVE-2005-3324 | 1 Appindex | 1 Mwchat | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2006-3350 | 1 Cimmetry Systems | 1 Autovue Solidmodel Professional | 2025-04-03 | 5.1 MEDIUM | N/A | Stack-based buffer overflow in AutoVue SolidModel Professional Desktop Edition 19.1 Build 5993 allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) ARJ, (2) RAR, or (3) ZIP archive. |
| CVE-2001-0294 | 1 Typsoft | 1 Typsoft Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in a CWD command. |
| CVE-2004-1404 | 1 Opentools | 1 Attachment Mod | 2025-04-03 | 7.5 HIGH | N/A | Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code. |
| CVE-2006-3954 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action. |
| CVE-2004-0108 | 3 Redhat, Sgi, Sysstat | 3 Sysstat, Propack, Sysstat | 2025-04-03 | 4.6 MEDIUM | N/A | The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107. |
| CVE-2006-0559 | 1 Mcafee | 1 Webshield Smtp | 2025-04-03 | 10.0 HIGH | N/A | Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed. |
| CVE-2003-0301 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 5.0 MEDIUM | N/A | The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. |
| CVE-2004-1672 | 1 Icewarp | 1 Web Mail | 2025-04-03 | 7.5 HIGH | N/A | attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request. |
| CVE-2002-1422 | 1 Ilia Alshanetsky | 1 Fudforum | 2025-04-03 | 5.0 MEDIUM | N/A | admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters. |
| CVE-2005-2318 | 1 Dvbbs | 1 Dvbbs | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 SP2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| CVE-2006-1882 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unknown impact and attack vectors, as identified by Vuln# (1) APPS03 in (a) iProcurement; (2) APPS04 in (b) Oracle Application Object Library; (3) APPS06, (4) APPS07, and (5) APPS08 in (c) Oracle Applications Technology Stack; and (6) APPS11 in (d) Oracle Order Capture. |
| CVE-2004-1006 | 1 Isc | 1 Dhcpd | 2025-04-03 | 10.0 HIGH | N/A | Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702. |
| CVE-2006-0132 | 1 Webftp | 1 Webftp | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. (dot dot) and a trailing null in the webftp_language parameter. |
| CVE-2001-1420 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A | AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow. |
| CVE-2005-3228 | 1 Ikarus | 1 Ikarus Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple interpretation error in unspecified versions of Ikarus AntiVirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. |
| CVE-2005-0285 | 1 Bottomline | 1 Webseries Payment Application | 2025-04-03 | 4.6 MEDIUM | N/A | Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs. |
| CVE-2001-1187 | 1 Mutasem Abudahab | 2 Csvform, Csvform Plus | 2025-04-03 | 7.5 HIGH | N/A | csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter. |