Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1817 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field.
|
|||||
| CVE-2004-0233 | 3 Sgi, Slackware, Utempter | 3 Propack, Slackware Linux, Utempter | 2025-04-03 | 2.1 LOW | N/A |
|
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
|
|||||
| CVE-2002-1065 | 1 T. Hauck | 1 Jana Web Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, does not restrict the number of unsuccessful login attempts, which makes it easier for remote attackers to gain privileges via brute force username and password guessing.
|
|||||
| CVE-2003-1018 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors.
|
|||||
| CVE-2001-0815 | 1 Activestate | 1 Activeperl | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.
|
|||||
| CVE-2005-4292 | 1 Internet Express Products | 1 Commercesql | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature.
|
|||||
| CVE-1999-1197 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.
|
|||||
| CVE-2002-1819 | 1 Tinyhttpd | 1 Tinyhttpd | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a ".." (dot dot) in the URL.
|
|||||
| CVE-2000-0765 | 1 Microsoft | 3 Excel, Powerpoint, Word | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
|
|||||
| CVE-2006-3225 | 1 Sun | 2 Java System Application Server, One Application Server | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
|
|||||
| CVE-2006-1473 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
|
|||||
| CVE-2001-0694 | 1 Texas Imperial Software | 1 Wftpd | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command.
|
|||||
| CVE-2006-1588 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A |
|
The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.
|
|||||
| CVE-2003-0221 | 1 Hp | 1 Tru64 | 2025-04-03 | 7.2 HIGH | N/A |
|
The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack.
|
|||||
| CVE-2005-0515 | 1 Webroot Software | 1 My Firewall Plus | 2025-04-03 | 2.1 LOW | N/A |
|
Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files.
|
|||||
| CVE-2005-3364 | 1 Platinum | 1 Dboardgear | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php.
|
|||||
| CVE-1999-0759 | 1 Fuseware | 1 Fusemail | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in FuseMAIL POP service via long USER and PASS commands.
|
|||||
| CVE-2006-4432 | 1 Zend | 1 Zend Platform | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.
|
|||||
| CVE-2003-0925 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.
|
|||||
| CVE-2006-3477 | 1 Stalker | 1 Communigate | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the POP service in Stalker CommuniGate Pro 5.1c1 and earlier allows remote attackers to cause a denial of service (server crash) via unspecified vectors involving opening an empty inbox.
|
|||||
| CVE-2004-2669 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d in users.php, (2) id in comments.php, (3) rusername in auth.php, or (4) h in plug.php.
|
|||||
| CVE-2006-1694 | 1 Xbrite | 1 Xbrite Members | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2005-1460 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple unknown dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error) via an invalid protocol tree item length.
|
|||||
| CVE-2006-2077 | 1 Pdnsd | 1 Pdnsd | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact and attack vectors. NOTE: this issue might be related to the OUSPG PROTOS DNS test suite.
|
|||||
| CVE-2006-1947 | 1 Nicplex | 1 Plexum | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum X5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pagesize, (2) maxrec, and (3) startpos parameters.
|
|||||
| CVE-2006-2008 | 1 Built2go | 1 Movie Review | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter.
|
|||||
| CVE-2005-4010 | 1 Sensation Designs | 1 Kbase Express | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.
|
|||||
| CVE-2006-1088 | 1 Php-stats | 1 Php-stats | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix.
|
|||||
| CVE-2004-2501 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1.01 allows remote attackers to execute arbitrary code via (1) a long command string or (2) a long string to the MEIMAP service and then terminating the connection.
|
|||||
| CVE-2004-1712 | 1 Typepad | 1 Typepad | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter.
|
|||||
| CVE-2004-1584 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.
|
|||||
| CVE-2005-4483 | 1 Iatek | 1 Siteenable | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter.
|
|||||
| CVE-2002-0744 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.
|
|||||
| CVE-1999-0529 | 2025-04-03 | 7.5 HIGH | N/A | ||
|
A router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc.
|
|||||
| CVE-2002-1812 | 1 Gdam | 1 Gdam | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter.
|
|||||
| CVE-1999-1147 | 1 Platinum | 1 Policy Compliance Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe.
|
|||||
| CVE-2005-4831 | 1 Viewcvs | 1 Viewcvs | 2025-04-03 | 4.3 MEDIUM | N/A |
|
viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected.
|
|||||
| CVE-2005-4504 | 1 Apple | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2025-04-03 | 7.8 HIGH | N/A |
|
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.
|
|||||
| CVE-2005-3448 | 1 Oracle | 1 Application Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01.
|
|||||
| CVE-1999-0598 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection.
|
|||||