Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0983 | 4 Gentoo, Mandrakesoft, Ubuntu and 1 more | 5 Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
|
|||||
| CVE-2004-2042 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
|
|||||
| CVE-2005-3017 | 1 Content2web | 1 Content2web | 2025-04-03 | 4.3 MEDIUM | N/A |
|
PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS).
|
|||||
| CVE-2005-3655 | 1 Novell | 1 Open Enterprise Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter.
|
|||||
| CVE-2004-1488 | 1 Gnu | 1 Wget | 2025-04-03 | 5.0 MEDIUM | N/A |
|
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.
|
|||||
| CVE-2003-0937 | 1 Sco | 2 Open Unix, Unixware | 2025-04-03 | 4.6 MEDIUM | N/A |
|
SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user.
|
|||||
| CVE-2004-0548 | 2 Gentoo, Gnu | 2 Linux, Aspell | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
|
|||||
| CVE-2000-0842 | 1 Sco | 1 Unixware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2006-2771 | 1 Hogstorps | 1 Hogstorp Guestbook | 2025-04-03 | 6.4 MEDIUM | N/A |
|
admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter.
|
|||||
| CVE-2002-1763 | 1 Sun | 1 Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.
|
|||||
| CVE-2005-0807 | 1 Oxid | 1 Cain And Abel | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters.
|
|||||
| CVE-2005-1376 | 1 Claroline | 1 Claroline | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files.
|
|||||
| CVE-2004-2265 | 1 Uudeview | 1 Uudeview | 2025-04-03 | 7.2 HIGH | N/A |
|
UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact.
|
|||||
| CVE-2005-0410 | 1 Citrusdb | 1 Citrusdb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.
|
|||||
| CVE-2006-3092 | 1 Phpmyfactures | 1 Phpmyfactures | 2025-04-03 | 7.5 HIGH | N/A |
|
PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party ...
Show More |
|||||
| CVE-2003-0175 | 1 Sgi | 1 Irix | 2025-04-03 | 2.1 LOW | N/A |
|
SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl.
|
|||||
| CVE-2005-1734 | 1 Electricmonk | 1 Proms | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PROMS before 0.11 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2004-1965 | 1 Openbb | 1 Openbb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.
|
|||||
| CVE-2006-1844 | 1 Debian | 2 Base-config, Shadow | 2025-04-03 | 2.1 LOW | N/A |
|
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.
|
|||||
| CVE-2006-1611 | 1 Kgb | 1 Archiver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allows remote attackers to overwrite arbitrary files wile decompressing an archive, possibly due to directory traversal sequences in a filename.
|
|||||
| CVE-2002-0798 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A |
|
Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service.
|
|||||
| CVE-2004-0601 | 1 Distcc | 1 Distcc | 2025-04-03 | 7.5 HIGH | N/A |
|
distcc before 2.16, when running on 64-bit platforms, does not interpret IP-based access control rules correctly, which could allow remote attackers to bypass intended restrictions.
|
|||||
| CVE-2000-1230 | 1 Phorum | 1 Phorum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".
|
|||||
| CVE-2000-0622 | 1 Oreilly | 1 Website Professional | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.
|
|||||
| CVE-2003-0272 | 1 Miniportal | 1 Miniportal | 2025-04-03 | 10.0 HIGH | N/A |
|
admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value.
|
|||||
| CVE-2001-1320 | 1 Pgp | 1 Keyserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.
|
|||||
| CVE-2000-0686 | 1 Cgi Script Center | 1 Auction Weaver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
|
|||||
| CVE-2003-0097 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).
|
|||||
| CVE-2003-0050 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2025-04-03 | 7.5 HIGH | N/A |
|
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
|
|||||
| CVE-2005-0144 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | N/A |
|
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
|
|||||
| CVE-2001-0353 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.
|
|||||
| CVE-2004-2101 | 1 Geovision | 1 Geohttpserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow.
|
|||||
| CVE-2001-0109 | 1 Suse | 1 Suse Linux | 2025-04-03 | 1.2 LOW | N/A |
|
rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file.
|
|||||
| CVE-2003-0871 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."
|
|||||
| CVE-1999-1272 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflows in CDROM Confidence Test program (cdrom) allow local users to gain root privileges.
|
|||||
| CVE-2005-4325 | 1 Driverse | 1 Driverse | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Driverse before 0.56b have unknown impact and attack vectors, related to (1) a "ptrace exploit" and (2) "some other potential security problems."
|
|||||
| CVE-2006-1795 | 1 Updi Network Enterprise | 1 At1 Event Publisher | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field.
|
|||||
| CVE-2006-2912 | 1 Out Of The Trees Web Design | 1 Selectapix | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php.
|
|||||
| CVE-2000-0435 | 1 Matthew Redman | 1 Allmanage | 2025-04-03 | 7.5 HIGH | N/A |
|
The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages.
|
|||||
| CVE-2006-2713 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates predictable CEIDs, which allows remote attackers to determine the CEID of a protected asset, which can be used in other attacks against AVR.
|
|||||