Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2002-0602 | 1 Snapgear | 1 Snapgear Lite+ Firewall | 2025-04-03 | 5.0 MEDIUM | N/A | Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP port. |
| CVE-2001-0787 | 1 Redhat | 1 Linux | 2025-04-03 | 4.6 MEDIUM | N/A | LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges. |
| CVE-2006-1344 | 1 Verisign | 1 Mpki | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTML_FILE parameter. |
| CVE-2006-1225 | 1 Drupal | 1 Drupal | 2025-04-03 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy. |
| CVE-2004-2300 | 1 Ucd-snmp | 1 Ucd-snmp | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE. |
| CVE-2004-0414 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2025-04-03 | 10.0 HIGH | N/A | CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. |
| CVE-2001-1055 | 1 Microsoft | 2 Windows 98, Windows 98se | 2025-04-03 | 5.0 MEDIUM | N/A | The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke. |
| CVE-2006-0562 | 1 Pluggedout | 1 Pluggedout Blog | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter. |
| CVE-2002-0093 | 1 Compaq | 1 Tru64 | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow attackers to execute arbitrary code, a different vulnerability than CVE-2001-0423. |
| CVE-2001-1093 | 1 Compaq | 1 Tru64 | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument. |
| CVE-2004-0259 | 1 Joe Lumbroso Acks | 1 Formmail.php | 2025-04-03 | 9.3 HIGH | N/A | The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue. |
| CVE-2004-0131 | 1 Gnu | 1 Radius | 2025-04-03 | 5.0 MEDIUM | N/A | The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference. |
| CVE-2002-1319 | 2 Linux, Trustix | 2 Linux Kernel, Secure Linux | 2025-04-03 | 2.1 LOW | N/A | The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs. |
| CVE-2005-0678 | 1 Stadtaus | 1 Form Mail Script | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code. |
| CVE-2005-3403 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php. |
| CVE-2002-1054 | 1 Pablo Software Solutions | 1 Pablo Ftp Server | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command. |
| CVE-2001-1363 | 1 Phpwebsite Development Team | 1 Phpwebsite | 2025-04-03 | 10.0 HIGH | N/A | Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges. |
| CVE-2005-1244 | 1 Netiq | 1 Pssecure | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable." |
| CVE-1999-1379 | 1 Dnstools Software | 1 Dnstools | 2025-04-03 | 5.0 MEDIUM | N/A | DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker. |
| CVE-2002-1479 | 1 The Cacti Group | 1 Cacti | 2025-04-03 | 4.6 MEDIUM | N/A | Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges. |
| CVE-2004-1938 | 1 Phorum | 1 Phorum | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php. |
| CVE-2006-4650 | 1 Cisco | 1 Ios | 2025-04-03 | 2.6 LOW | N/A | Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. |
| CVE-2001-0579 | 1 Sco | 1 Openserver | 2025-04-03 | 7.5 HIGH | N/A | lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command. |
| CVE-2006-0166 | 1 Symantec | 1 Norton System Works | 2025-04-03 | 7.5 HIGH | N/A | Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products. |
| CVE-2000-0375 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A | The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files. |
| CVE-2003-1239 | 1 Wihphoto | 1 Wihphoto | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter. |
| CVE-2004-1600 | 1 Coolphp | 1 Coolphp | 2025-04-03 | 5.0 MEDIUM | N/A | index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message. |
| CVE-2005-1679 | 1 Timo Rossi | 1 Picasm | 2025-04-03 | 5.1 MEDIUM | N/A | Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message. |
| CVE-2004-2622 | 1 Altiris | 1 Deployment Server Extension For Ibm Director | 2025-04-03 | 10.0 HIGH | N/A | AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access. |
| CVE-2006-2063 | 1 Leadhound Network | 2 Leadhound Full, Leadhound Lite | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_de ... |
| CVE-2006-4726 | 1 Adobe | 1 Coldfusion | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page. |
| CVE-2005-2855 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field. |
| CVE-2002-1312 | 1 Linksys | 9 Befn2ps4, Befsr11, Befsr41 and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to cause a denial of service (router crash) via a long password. |
| CVE-2005-2519 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.2 HIGH | N/A | slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges. |
| CVE-2006-2511 | 1 Frontrange | 1 Iheat | 2025-04-03 | 6.5 MEDIUM | N/A | The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog. |
| CVE-2004-0623 | 1 Gnu | 1 Gnats | 2025-04-03 | 10.0 HIGH | N/A | Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog. |
| CVE-2005-2165 | 1 Globalnotescript | 1 Globalnotescript | 2025-04-03 | 7.5 HIGH | N/A | read.cgi in GlobalNoteScript allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameters. |
| CVE-2002-1586 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A | Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference. |
| CVE-1999-1166 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A | Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory. |
| CVE-1999-0904 | 1 Byte Fusion | 1 Bftelnet | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username. |