Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-2597 | 1 Id Software | 1 Quake Ii Server | 2025-04-03 | 5.0 MEDIUM | N/A | Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address. |
| CVE-2002-1759 | 1 Phprojekt | 1 Phprojekt | 2025-04-03 | 5.0 MEDIUM | N/A | The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files. |
| CVE-2006-3206 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 5.0 MEDIUM | N/A | register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records. |
| CVE-2003-0204 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A | KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. |
| CVE-2006-0882 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php. |
| CVE-2002-1864 | 1 Sws | 1 Sws Simple Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP request. |
| CVE-2006-4201 | 1 Hp | 1 Openview Storage Data Protector | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent via unspecified vectors related to authentication and input validation. |
| CVE-2002-0411 | 1 Aeromail | 1 Aeromail | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line. |
| CVE-2006-2525 | 1 Usebb | 1 Usebb | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module. |
| CVE-2003-0335 | 1 Slackware | 1 Slackware Linux | 2025-04-03 | 7.5 HIGH | N/A | rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec. |
| CVE-2000-0553 | 1 Darren Reed | 1 Ipfilter | 2025-04-03 | 2.6 LOW | N/A | Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions. |
| CVE-2006-1692 | 1 Manic Web | 1 Mwnewsletter | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that this was discovered during post-disclosure analysis. |
| CVE-2006-3664 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors. |
| CVE-2002-1927 | 1 Aquonics Scripting | 1 Aquonics File Manager | 2025-04-03 | 2.1 LOW | N/A | Aquonics File Manager 1.5 allows users with edit privileges to modify user accounts by editing the userlist.cgi file. |
| CVE-2006-0726 | 1 Cpg-nuke | 1 Dragonfly Cms | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users. |
| CVE-2002-1395 | 1 Debian | 1 Internet Message | 2025-04-03 | 2.1 LOW | N/A | Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz. |
| CVE-2006-1527 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A | The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function. |
| CVE-1999-0739 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A | The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| CVE-2002-1278 | 1 Jacques Gelinas | 1 Linuxconf | 2025-04-03 | 7.5 HIGH | N/A | The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email. |
| CVE-2005-3035 | 1 Compuware | 1 Driverstudio | 2025-04-03 | 5.0 MEDIUM | N/A | Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to cause a denial of service (reboot) via a UDP packet sent directly to port 9110. |
| CVE-1999-0108 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A | The printers program in IRIX has a buffer overflow that gives root access to local users. |
| CVE-2005-1191 | 1 Microsoft | 4 Windows 2000, Windows 98, Windows 98se and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file. |
| CVE-2006-2857 | 1 Lifetype | 1 Lifetype | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php). |
| CVE-2005-3841 | 1 Kplaylist | 1 Kplaylist | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter. |
| CVE-2000-0555 | 1 Lilikoi | 1 Ceilidh | 2025-04-03 | 5.0 MEDIUM | N/A | Ceilidh allows remote attackers to cause a denial of service via a large number of POST requests. |
| CVE-2005-2420 | 1 Ftplocate | 1 Ftplocate | 2025-04-03 | 10.0 HIGH | N/A | flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request. |
| CVE-2001-0703 | 1 Arcadia | 1 Arcadia Internet Store | 2025-04-03 | 5.0 MEDIUM | N/A | tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter. |
| CVE-2001-1506 | 1 Hp | 1 Secure Os | 2025-04-03 | 4.6 MEDIUM | N/A | Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files. |
| CVE-2000-0341 | 1 Atrium Software | 1 Cassandra Nntp Server | 2025-04-03 | 5.0 MEDIUM | N/A | ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name. |
| CVE-2005-2900 | 1 Cj Desing | 1 Cjlinkout | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 allows remote attackers to inject arbitrary web script or HTML via the 123 parameter. |
| CVE-2005-1061 | 2 Logwatch, Redhat | 3 Logwatch, Enterprise Linux, Linux Advanced Workstation | 2025-04-03 | 5.0 MEDIUM | N/A | The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS." |
| CVE-2005-0292 | 1 Php Gift Registry | 1 Phpgiftreg | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters. |
| CVE-2005-1267 | 5 Gentoo, Lbl, Mandrakesoft and 2 more | 5 Linux, Tcpdump, Mandrake Linux and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A | The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. |
| CVE-2000-0658 | 1 Analogx | 1 Proxy | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long USER command in the POP3 protocol. |
| CVE-1999-0878 | 2 Beroftpd, Washington University | 2 Beroftpd, Wu-ftpd | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR. |
| CVE-2005-4157 | 1 Kerio | 1 Winroute Firewall | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled. |
| CVE-2006-3617 | 1 Pixelated By Lev | 1 Pixelated By Lev Guestbook | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, a ... |
| CVE-2003-1302 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A | The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters. |
| CVE-2004-1694 | 1 Symantec | 2 On Command Ccm, On Icommand | 2025-04-03 | 7.5 HIGH | N/A | Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access. |
| CVE-2006-1165 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data." |