Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0184 | 1 Eeye Digital Security | 1 Iris | 2025-04-03 | 2.6 LOW | N/A |
|
eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet.
|
|||||
| CVE-2001-1423 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | 7.5 HIGH | N/A |
|
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter.
|
|||||
| CVE-2002-0473 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 10.0 HIGH | N/A |
|
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
|
|||||
| CVE-2005-4618 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 3.6 LOW | N/A |
|
Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified.
|
|||||
| CVE-2006-2643 | 1 Circle R | 1 Monster Top List | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the user_error_message parameter.
|
|||||
| CVE-1999-0333 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.5 HIGH | N/A |
|
HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.
|
|||||
| CVE-2003-0769 | 1 Mirabilis | 1 Icq | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field.
|
|||||
| CVE-2005-3982 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.
|
|||||
| CVE-1999-1540 | 1 Cactus Software | 1 Shell-lock | 2025-04-03 | 2.1 LOW | N/A |
|
shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code.
|
|||||
| CVE-2001-0183 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.5 HIGH | N/A |
|
ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection.
|
|||||
| CVE-2002-0672 | 1 Pingtel | 1 Xpressa | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null.
|
|||||
| CVE-2005-1613 | 1 Openbb | 1 Openbb | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action.
|
|||||
| CVE-2002-1342 | 1 Smb2www | 1 Smb2www | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in smb2www 980804-16 and earlier allows remote attackers to execute arbitrary commands.
|
|||||
| CVE-2006-3134 | 1 Gracenote | 1 Cddbcontrol Activex Control | 2025-04-03 | 9.3 HIGH | N/A |
|
Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string.
|
|||||
| CVE-2006-0583 | 1 Clever Copy | 1 Clever Copy | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-1999-1155 | 1 Lakeweb | 1 Mail List Cgi Script | 2025-04-03 | 7.5 HIGH | N/A |
|
LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.
|
|||||
| CVE-2005-2512 | 1 Apple | 2 Mac Os X, Mail | 2025-04-03 | 2.1 LOW | N/A |
|
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
|
|||||
| CVE-2005-1751 | 1 Shtool | 1 Shtool | 2025-04-03 | 3.7 LOW | N/A |
|
Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
|
|||||
| CVE-2006-4379 | 1 Ipswitch | 3 Imail Plus, Imail Secure Server, Ipswitch Collaboration Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character.
|
|||||
| CVE-2000-0256 | 1 Microsoft | 3 Frontpage, Personal Web Server, Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
|
|||||
| CVE-2006-1097 | 1 Datenbank Module | 1 Datenbank Module | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php.
|
|||||
| CVE-2005-3293 | 1 Xerver | 1 Xerver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Xerver 4.17 allows remote attackers to (1) obtain source code of scripts via a request with a trailing "." (dot) or (2) list directory contents via a trailing null character.
|
|||||
| CVE-2006-0858 | 1 Starforce | 1 Safe N Sec Personal \+ Anti-spyware | 2025-04-03 | 7.2 HIGH | N/A |
|
Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious "program" file in the C: folder.
|
|||||
| CVE-2005-0091 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls.
|
|||||
| CVE-2005-4090 | 1 Hp | 1 Hp-ux | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.
|
|||||
| CVE-2006-2013 | 1 Web-provence | 1 Sl Site | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in page.php in SL_site 1.0 allows remote attackers to execute arbitrary SQL commands via the id_page parameter. NOTE: this issue could be used to produce resultant XSS from an error message.
|
|||||
| CVE-2003-0983 | 1 Cisco | 2 80-7111-01 For The Unity-svrx255-1a, 80-7112-01 For The Unity-svrx255-2a | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a "bubba" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network.
|
|||||
| CVE-1999-1253 | 1 Sco | 2 Internet Faststart, Openserver | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges.
|
|||||
| CVE-2005-3582 | 1 Imagemagick | 1 Imagemagick | 2025-04-03 | 7.2 HIGH | N/A |
|
ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
|
|||||
| CVE-2002-1867 | 1 Bizdesign | 1 Imagefolio | 2025-04-03 | 7.5 HIGH | N/A |
|
The default configuration of BizDesign ImageFolio 2.23 through 2.26 does not control access to (1) admin/setup.cgi, which allows remote attackers to create an administrative account, or (2) admin/nph-build.cgi, which allows remote attackers to cause a denial of service (CPU consumption).
|
|||||
| CVE-2004-2074 | 1 Bolintech | 1 Dream Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.
|
|||||
| CVE-2005-4646 | 1 Pearlinger | 1 Pearl Forums | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 allows remote attackers to include arbitrary files via the mode parameter, possibly due to a directory traversal vulnerability. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2005-3276 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information.
|
|||||
| CVE-2006-2608 | 1 Artmedic Webdesign | 1 Artmedic Newsletter | 2025-04-03 | 5.1 MEDIUM | N/A |
|
artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.
|
|||||
| CVE-2005-4496 | 1 Forum One | 1 Syntaxcms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
|
|||||
| CVE-2006-2234 | 1 Tyrocms | 1 Tyrocms | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript URI in an img BBCode tag, or a JavaScript event in a (2) url BBCode tag or (3) color BBCode tag.
|
|||||
| CVE-2005-3484 | 1 Nero | 1 Neronet | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via ".." and hex-encoded (1) slash "/" ("%2f") or (2) backslash "\" ("%5c") sequences.
|
|||||
| CVE-2001-0433 | 1 Micheal Lamont | 1 Savant Webserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header.
|
|||||
| CVE-2002-0081 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
|
|||||
| CVE-2005-1657 | 1 Mercur | 1 Mercur Messaging | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml.
|
|||||