Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1067 | 3 Carnegie Mellon University, Redhat, Ubuntu | 3 Cyrus Imap Server, Fedora Core, Ubuntu Linux | 2025-04-03 | 10.0 HIGH | N/A |
| Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username. | | | | | |
| CVE-2006-2670 | 1 Calendarscripts.com | 1 Chatpat | 2025-04-03 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php. | | | | | |
| CVE-2005-4286 | 1 Phplogcon | 1 Phplogcon | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php. | | | | | |
| CVE-2004-2588 | 1 Xmb Software | 1 Xmb Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
| Intentional information leak in phpinfo.php in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allows remote attackers to obtain sensitive information such as the configuration of the web server and the PHP application. | | | | | |
| CVE-2001-0465 | 1 Intuit | 1 Turbo Tax | 2025-04-03 | 4.6 MEDIUM | N/A |
| TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information. | | | | | |
| CVE-2004-0392 | 1 Kame | 1 Racoon | 2025-04-03 | 5.0 MEDIUM | N/A |
| racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields. | | | | | |
| CVE-2005-4373 | 1 Liquid Bytes Technologies | 1 Adaptive Website Framework | 2025-04-03 | 5.0 MEDIUM | N/A |
| Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message. | | | | | |
| CVE-2002-1600 | 1 Mike Spice | 1 My Classifieds | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows remote attackers to overwrite arbitrary files via the category parameter. | | | | | |
| CVE-1999-1005 | 2 Netscape, Novell | 2 Enterprise Server, Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A |
| Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. | | | | | |
| CVE-2003-1007 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact. | | | | | |
| CVE-2006-0135 | 1 Thewebforum | 1 Thewebforum | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable). | | | | | |
| CVE-2006-1199 | 1 Daverave | 1 Link Bank | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter. | | | | | |
| CVE-2006-4418 | 1 Wikepage | 1 Wikepage | 2025-04-03 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file. | | | | | |
| CVE-2003-0729 | 1 Tellurian | 1 Tftpdnt | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename. | | | | | |
| CVE-2000-0298 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.2 HIGH | N/A |
| The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. | | | | | |
| CVE-2002-2102 | 1 Jcraft | 1 Jzlib | 2025-04-03 | 5.0 MEDIUM | N/A |
| InfBlocks.java in JCraft JZlib before 0.0.7 allows remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data. | | | | | |
| CVE-2002-1233 | 1 Apache | 1 Http Server | 2025-04-03 | 2.6 LOW | N/A |
| A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. | | | | | |
| CVE-2005-0015 | 1 Crosswire Bible Society | 1 Sword | 2025-04-03 | 7.5 HIGH | N/A |
| diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | | | | | |
| CVE-2005-1089 | 1 Dc++ | 1 Dc++ | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in DC++ before 0.674 allows attackers to append data to arbitrary files. | | | | | |
| CVE-2006-4747 | 1 Idevspot | 1 Textads | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php. | | | | | |
| CVE-2005-1752 | 1 Gforge | 1 Gforge | 2025-04-03 | 6.4 MEDIUM | N/A |
| viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter. | | | | | |
| CVE-2004-2263 | 1 Playsms | 1 Playsms | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie. | | | | | |
| CVE-2006-3929 | 1 Zyxel | 1 Prestige 660h-61 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter. | | | | | |
| CVE-2004-1160 | 1 Netscape | 1 Navigator | 2025-04-03 | 7.5 HIGH | N/A |
| Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | | | | | |
| CVE-2006-1285 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2025-04-03 | 3.2 LOW | N/A |
| SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information. | | | | | |
| CVE-2005-0690 | 1 Gene6 | 1 G6 Ftp Server | 2025-04-03 | 2.1 LOW | N/A |
| Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command. | | | | | |
| CVE-2006-3740 | 2 X.org, Xfree86 Project | 2 X.org, Xfree86 X | 2025-04-03 | 7.2 HIGH | N/A |
| Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections. | | | | | |
| CVE-2006-2206 | 1 Ultravnc | 1 Ultravnc | 2025-04-03 | 10.0 HIGH | N/A |
| The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords. | | | | | |
| CVE-2001-1522 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message. | | | | | |
| CVE-2005-3460 | 1 Oracle | 2 10g Enterprise Manager Database Control, Enterprise Manager Application Server Control | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager 9.0.4.1 up to 10.1.0.4 has unknown impact and attack vectors, as identified by Oracle Vuln# EM01. | | | | | |
| CVE-2004-2407 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality. | | | | | |
| CVE-2001-1059 | 1 Vmware | 1 Workstation | 2025-04-03 | 3.6 LOW | N/A |
| VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. | | | | | |
| CVE-2006-3834 | 1 Ej3 | 1 Topo | 2025-04-03 | 5.0 MEDIUM | N/A |
| EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to index.php, which allows context-dependent attackers to obtain entry passwords via log files, referrers, or other vectors. | | | | | |
| CVE-2004-1355 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
| Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors. | | | | | |
| CVE-2004-2610 | 1 Stefan Bambach | 1 Mntd | 2025-04-03 | 4.6 MEDIUM | N/A |
| mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. NOTE: It is not clear whether this is a vulnerability because there is not necessarily any common usage in which privilege boundaries are crossed. Typical usage would restrict write access to the configuration file. | | | | | |
| CVE-2006-4660 | 1 Icq Inc | 1 Icq Toolbar | 2025-04-03 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed. | | | | | |
| CVE-2005-4333 | 1 Binary-concepts | 1 Binary Board System | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl. | | | | | |
| CVE-2001-0763 | 2 Debian, Suse | 2 Debian Linux, Suse Linux | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function. | | | | | |
| CVE-2004-2021 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument. | | | | | |
| CVE-2005-1052 | 1 Microsoft | 2 Outlook, Outlook Web Access | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. | | | | | |