Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2002-0323 | 1 Nombas | 1 Scriptease Webserver | 2025-04-03 | 5.0 MEDIUM | N/A | comment2.jse in ScriptEase:WebServer allows remote attackers to read arbitrary files by specifying the target file as an argument in the URL. |
| CVE-2006-4630 | 1 Sky Gunning | 1 Myspeach | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter. |
| CVE-2001-1222 | 1 Plesk | 1 Plesk Server Administrator | 2025-04-03 | 5.0 MEDIUM | N/A | Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain. |
| CVE-2004-0345 | 1 Volition | 1 Red Faction | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Red Faction client 1.20 and earlier allows remote servers to execute arbitrary code via a long server name. |
| CVE-2005-3344 | 1 Horde | 1 Horde | 2025-04-03 | 10.0 HIGH | N/A | The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access. |
| CVE-2001-1505 | 1 Tinc | 1 Tinc | 2025-04-03 | 5.0 MEDIUM | N/A | tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets. |
| CVE-2003-0461 | 1 Redhat | 1 Linux | 2025-04-03 | 2.1 LOW | N/A | /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. |
| CVE-2003-0072 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-03 | 5.0 MEDIUM | N/A | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). |
| CVE-1999-1307 | 1 Novell | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges. |
| CVE-2002-1322 | 1 Rational Software | 1 Clearcase | 2025-04-03 | 5.0 MEDIUM | N/A | Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g. via nmap. |
| CVE-2006-0417 | 1 Mywebland | 1 Minibloggie | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters. |
| CVE-2001-1419 | 2 Aol, Cerulean Studios | 2 Instant Messenger, Trillian | 2025-04-03 | 5.0 MEDIUM | N/A | AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "`<!--`" HTML comments. |
| CVE-2004-2547 | 1 Netwin | 2 Surgemail, Webmail | 2025-04-03 | 2.6 LOW | N/A | NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message. |
| CVE-2002-2079 | 2 Mosix Project, Openmosix Project | 2 Mosix, Openmosix | 2025-04-03 | 5.0 MEDIUM | N/A | mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX) 1.5.7 allows remote attackers to cause a denial of service via malformed packets. |
| CVE-2005-2471 | 1 Netpbm | 1 Netpbm | 2025-04-03 | 7.5 HIGH | N/A | pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands. |
| CVE-2005-4405 | 1 Random Mouse Software | 1 Red Queen | 2025-04-03 | 5.0 MEDIUM | N/A | redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to obtain the full server path via invalid (1) yellowpage_id, (2) skin_id, (3) supplier_id, and (4) module parameters, which leaks the path in an error message. |
| CVE-1999-1090 | 1 Ncsa | 1 Telnet | 2025-04-03 | 7.5 HIGH | N/A | The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. |
| CVE-2006-0844 | 1 Leif M. Wright | 1 Web Blog | 2025-04-03 | 7.5 HIGH | N/A | Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie. |
| CVE-2005-0969 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A | Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters. |
| CVE-2006-1133 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441. |
| CVE-2005-2139 | 1 Pavsta | 1 Pavsta Auto Site | 2025-04-03 | 5.0 MEDIUM | N/A | PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter. |
| CVE-2003-0765 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A | The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. |
| CVE-2005-3423 | 1 Subdreamer | 1 Subdreamer | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php. |
| CVE-2004-2553 | 1 The Ignition Project | 1 Ignitionserver | 2025-04-03 | 6.0 MEDIUM | N/A | The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument. |
| CVE-2006-3081 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 4.0 MEDIUM | N/A | mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. |
| CVE-2004-2421 | 1 Hitachi | 3 Jp1 P-1b41-9461, Jp1 P-1b41-9471, Jp1 P-1j41-9471 | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights. |
| CVE-2005-4674 | 1 Complete Php Counter | 1 Complete Php Counter | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter. |
| CVE-2006-3908 | 1 Gillius Programming | 1 Game Networking Engine | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in the flush_output function in ConsoleStreambuf.cpp in Game Network Engine (GNE) 0.70 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute code via format string specifiers in unspecified vectors involving output to the gout console. |
| CVE-2006-2811 | 1 Cantico | 1 Ovidentia | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20 ... |
| CVE-2006-0777 | 1 Teca Scripts | 1 Guestex | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters. |
| CVE-2003-0877 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A | Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory. |
| CVE-2005-2950 | 1 Sawmill | 1 Sawmill | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request. |
| CVE-2006-0664 | 1 Mantis | 1 Mantis | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. |
| CVE-2004-0014 | 1 Nd | 1 Nd | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allow remote web servers to execute arbitrary code via certain long strings. |
| CVE-1999-0772 | 1 Compaq | 2 Insight Management Agent, Power Management | 2025-04-03 | 6.4 MEDIUM | N/A | Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. |
| CVE-2006-3325 | 1 Id Software | 1 Quake 3 Engine | 2025-04-03 | 5.0 MEDIUM | N/A | client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files. |
| CVE-2006-4732 | 1 Microsoft | 1 Visual Basic | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object. |
| CVE-2005-4768 | 1 Tux Racer | 1 Tuxbank | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter in a manageaccount action to index.php. |
| CVE-2002-0783 | 1 Opera Software | 1 Opera Web Browser | 2025-04-03 | 7.5 HIGH | N/A | Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL. |
| CVE-1999-0679 | 1 Hybrid Network | 1 Hybrid Ircd | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option. |