Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0618 | 1 Qnx | 1 Neutrino Rtos | 2025-04-03 | 4.6 MEDIUM | N/A |
| Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name). | | | | | |
| CVE-2004-2259 | 1 Beasts | 1 Vsftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant. | | | | | |
| CVE-2005-4599 | 1 Moxiecode | 1 Tinymce Compressor Php | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter. | | | | | |
| CVE-2002-0103 | 1 Oracle | 1 Application Server Web Cache | 2025-04-03 | 4.6 MEDIUM | N/A |
| An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml. | | | | | |
| CVE-2003-1527 | 2 Ibm, Iss | 2 Internet Security Systems Blackice Defender, Blackice Server Protection | 2025-04-03 | 4.3 MEDIUM | N/A |
| BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. | | | | | |
| CVE-2004-0281 | 1 Caucho | 1 Resin | 2025-04-03 | 5.0 MEDIUM | N/A |
| Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows. | | | | | |
| CVE-2002-1152 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
| Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing. | | | | | |
| CVE-1999-0267 | 1 Ncsa | 1 Ncsa Httpd | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. | | | | | |
| CVE-2006-1674 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675. | | | | | |
| CVE-2004-0750 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied. | | | | | |
| CVE-2002-0094 | 1 Fraunhofer Fit | 1 Bscw | 2025-04-03 | 7.5 HIGH | N/A |
| config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion. | | | | | |
| CVE-2005-1625 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag. | | | | | |
| CVE-2002-0162 | 1 Logwatch | 1 Logwatch | 2025-04-03 | 6.2 MEDIUM | N/A |
| LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory. | | | | | |
| CVE-2005-2422 | 1 Beehive Forum | 1 Beehive Forum | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum allows remote attackers to inject arbitrary web script or HTML via the webtag parameter. | | | | | |
| CVE-1999-1038 | 1 Tamu | 1 Tiger | 2025-04-03 | 7.2 HIGH | N/A |
| Tiger 2.2.3 allows local users to overwrite arbitrary files via a symlink attack on various temporary files in Tiger's default working directory, as defined by the WORKDIR variable. | | | | | |
| CVE-2000-0089 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
| The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability. | | | | | |
| CVE-2005-0664 | 1 Libexif | 1 Libexif | 2025-04-03 | 2.6 LOW | N/A |
| Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag. | | | | | |
| CVE-2006-3431 | 1 Microsoft | 1 Excel | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086. | | | | | |
| CVE-2004-1325 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 5.0 MEDIUM | N/A |
| The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system. | | | | | |
| CVE-2002-1258 | 1 Microsoft | 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error. | | | | | |
| CVE-1999-0469 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client. | | | | | |
| CVE-1999-1164 | 1 Microsoft | 2 Outlook, Outlook Express | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang. | | | | | |
| CVE-2006-1748 | 1 Xmb Software | 1 Xmb Forum | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript. | | | | | |
| CVE-2005-4266 | 1 Alt-n | 2 Mdaemon, Worldclient | 2025-04-03 | 7.5 HIGH | N/A |
| WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value. | | | | | |
| CVE-1999-1055 | 1 Microsoft | 1 Excel | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability." | | | | | |
| CVE-2004-1172 | 1 Symantec Veritas | 1 Backup Exec | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname. | | | | | |
| CVE-2002-0696 | 1 Microsoft | 1 Visual Foxpro | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames. | | | | | |
| CVE-2003-1060 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
| The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference. | | | | | |
| CVE-2006-4330 | 1 Wireshark | 1 Wireshark | 2025-04-03 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | | | | | |
| CVE-2004-1456 | 1 Cvstrac | 1 Cvstrac | 2025-04-03 | 7.5 HIGH | N/A |
| filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo. | | | | | |
| CVE-1999-0807 | 1 Netscape | 1 Directory Server | 2025-04-03 | 7.2 HIGH | N/A |
| The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users. | | | | | |
| CVE-1999-0373 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root. | | | | | |
| CVE-1999-1446 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.1 LOW | N/A |
| Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays. | | | | | |
| CVE-2004-1885 | 1 Progress | 1 Ws Ftp Server | 2025-04-03 | 7.2 HIGH | N/A |
| Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. | | | | | |
| CVE-2006-3454 | 1 Symantec | 2 Client Security, Norton Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. | | | | | |
| CVE-2005-2583 | 1 Mentor | 1 Adslfr4ii | 2025-04-03 | 7.5 HIGH | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access. | | | | | |
| CVE-2005-1095 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter. | | | | | |
| CVE-2005-2192 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | 5.0 MEDIUM | N/A |
| SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack. | | | | | |
| CVE-2005-4166 | 1 Duware | 1 Duportal Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter. | | | | | |
| CVE-2003-1226 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords. | | | | | |