Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0472 | 1 My Little Homepage | 1 My Little Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
|
|||||
| CVE-1999-1008 | 2 Freebsd, Mandrakesoft | 2 Freebsd, Mandrake Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
xsoldier program allows local users to gain root access via a long argument.
|
|||||
| CVE-1999-0417 | 1 Sun | 1 Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
64 bit Solaris 7 procfs allows local users to perform a denial of service.
|
|||||
| CVE-2005-3291 | 1 Stani | 1 Stanis Python Editor | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files.
|
|||||
| CVE-2006-0784 | 1 D-link | 1 Dwl-g700ap | 2025-04-03 | 5.0 MEDIUM | N/A |
|
D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments.
|
|||||
| CVE-2006-3275 | 1 Yabb | 1 Yabb | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action.
|
|||||
| CVE-2004-2168 | 1 Baardsen Software | 1 Basomail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3).
|
|||||
| CVE-2000-0186 | 4 Freebsd, Mandrakesoft, Redhat and 1 more | 4 Freebsd, Mandrake Linux, Linux and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
|
|||||
| CVE-2005-2483 | 1 Karrigell | 1 Karrigell | 2025-04-03 | 7.5 HIGH | N/A |
|
Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script.
|
|||||
| CVE-2000-0720 | 1 Gwscripts | 1 Gwscripts News Publisher | 2025-04-03 | 5.0 MEDIUM | N/A |
|
news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.
|
|||||
| CVE-2004-0660 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.
|
|||||
| CVE-2005-3729 | 1 Revize Cms | 1 Revize Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html.
|
|||||
| CVE-2006-1001 | 1 Lansuite | 1 Lanparty Intranet System | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter.
|
|||||
| CVE-2005-1615 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 7.5 HIGH | N/A |
|
viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly due to a SQL injection vulnerability.
|
|||||
| CVE-2004-2537 | 1 Netwin | 1 Surgemail | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
|
|||||
| CVE-2002-0820 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
|
FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges.
|
|||||
| CVE-2001-0988 | 1 Knox Software | 1 Arkeia | 2025-04-03 | 7.2 HIGH | N/A |
|
Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information.
|
|||||
| CVE-2006-4532 | 1 Bernard Pacques | 1 Yet Another Community System Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter.
|
|||||
| CVE-2006-2991 | 1 Ringlink | 1 Ringlink | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi.
|
|||||
| CVE-2004-0094 | 1 Xfree86 Project | 1 X11r6 | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
|
|||||
| CVE-1999-0804 | 4 Debian, Linux, Redhat and 1 more | 4 Debian Linux, Linux Kernel, Linux and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.
|
|||||
| CVE-2001-1286 | 1 Ipswitch | 1 Imail | 2025-04-03 | 7.5 HIGH | N/A |
|
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
|
|||||
| CVE-1999-0561 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
IIS has the #exec function enabled for Server Side Include (SSI) files.
|
|||||
| CVE-2005-4396 | 1 Icms Content Management Systems | 1 Icms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources.
|
|||||
| CVE-2006-4160 | 1 Mvcnphp | 1 Mvcnphp | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php.
|
|||||
| CVE-2000-0251 | 1 Hp | 2 Hp-ux, Vvos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.
|
|||||
| CVE-2004-2375 | 1 1st Class Internet Solutions | 1 1st Class Mail Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an APOP USER command with a long second parameter (digest).
|
|||||
| CVE-2003-0178 | 1 Ibm | 1 Lotus Domino Web Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.
|
|||||
| CVE-2005-4352 | 2 Linux, Netbsd | 2 Linux Kernel, Netbsd | 2025-04-03 | 2.1 LOW | N/A |
|
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
|
|||||
| CVE-2005-1590 | 1 Altiris | 2 Client Service, Deployment Solution | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.
|
|||||
| CVE-2006-0446 | 1 Webwork | 1 Webwork | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors.
|
|||||
| CVE-2006-4887 | 1 Apple | 2 Apple Remote Desktop, Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
|
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
|
|||||
| CVE-2006-2925 | 1 Ingate | 2 Ingate Firewall, Siparator | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality.
|
|||||
| CVE-2001-0546 | 1 Microsoft | 1 Isa Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
|
|||||
| CVE-2005-4659 | 1 Ipcop | 1 Ipcop | 2025-04-03 | 2.1 LOW | N/A |
|
IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup.
|
|||||
| CVE-2001-0265 | 1 Pgp | 1 Pgp | 2025-04-03 | 2.1 LOW | N/A |
|
ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file.
|
|||||
| CVE-2002-1592 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2006-3916 | 1 Solucija | 1 Snews | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
|
|||||
| CVE-2002-1436 | 1 Novell | 1 Netware | 2025-04-03 | 7.5 HIGH | N/A |
|
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.
|
|||||
| CVE-2002-2011 | 1 Jon Howell | 1 Faq-o-matic | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.cgi) in Faq-O-Matic 2.711 and 2.712 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
|
|||||