Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0618 | 1 Lucent | 1 Orinoco Rg-1000 | 2025-04-03 | 7.5 HIGH | N/A |
|
Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic.
|
|||||
| CVE-2002-0858 | 1 Oracle | 2 Oracle8i, Oracle9i | 2025-04-03 | 7.5 HIGH | N/A |
|
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
|
|||||
| CVE-2004-1990 | 1 Aldo Vargas | 1 Aldos Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request.
|
|||||
| CVE-2002-1293 | 1 Microsoft | 1 Java Virtual Machine | 2025-04-03 | 7.5 HIGH | N/A |
|
The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.
|
|||||
| CVE-1999-0489 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
|
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.
|
|||||
| CVE-2002-1058 | 1 Cobalt | 1 Qube | 2025-04-03 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.
|
|||||
| CVE-2002-2050 | 1 Modlogan | 1 Modlogan | 2025-04-03 | 2.1 LOW | N/A |
|
Directory traversal vulnerability in processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry.
|
|||||
| CVE-1999-0954 | 1 Matt Wright | 1 Wwwboard | 2025-04-03 | 7.5 HIGH | N/A |
|
WWWBoard has a default username and default password.
|
|||||
| CVE-2001-0832 | 1 Oracle | 1 Database Server | 2025-04-03 | 2.1 LOW | N/A |
|
Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability."
|
|||||
| CVE-1999-1069 | 1 Icat | 1 Electronic Commerce Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter.
|
|||||
| CVE-2006-1092 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed.
|
|||||
| CVE-2005-1024 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message.
|
|||||
| CVE-2005-3063 | 1 Unu Networks | 1 Mailgust | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in MailGust 1.9 allows remote attackers to execute arbitrary SQL commands via the email field on the password reminder page.
|
|||||
| CVE-2003-0745 | 1 Castle Rock Computing | 1 Snmpc | 2025-04-03 | 10.0 HIGH | N/A |
|
SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server.
|
|||||
| CVE-2005-1602 | 1 Net56 | 1 File Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field.
|
|||||
| CVE-2002-0864 | 1 Microsoft | 4 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."
|
|||||
| CVE-2004-1799 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 7.5 HIGH | N/A |
|
PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.
|
|||||
| CVE-2004-1751 | 1 Massive Entertainment | 1 Ground Control Ii Operation Exodus | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote servers to cause a denial of service (client or server crash) via a large packet, which generates a "Message too long" socket error that is treated as a critical error.
|
|||||
| CVE-2000-0289 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.
|
|||||
| CVE-1999-1395 | 1 Dec | 1 Dec Openvms | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 through 5.4-2 allows local users to gain privileges.
|
|||||
| CVE-2006-0361 | 1 Bit 5 Blog | 1 Bit 5 Blog | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>.
|
|||||
| CVE-1999-0397 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
The demo version of the Quakenbush NT Password Appraiser sends passwords across the network in plaintext.
|
|||||
| CVE-2006-4915 | 1 Innovate Portal | 1 Innovate Portal | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
|
|||||
| CVE-2004-2219 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
|
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
|
|||||
| CVE-2006-4311 | 1 Sonium | 1 Enterprise Adressbook | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php.
|
|||||
| CVE-2005-3811 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter.
|
|||||
| CVE-2002-0408 | 1 Lotus | 1 Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
|
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.
|
|||||
| CVE-2004-1630 | 1 Openwfe | 1 Work Flow Engine | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter.
|
|||||
| CVE-2001-1424 | 1 Alcatel | 1 Speed Touch Home | 2025-04-03 | 7.5 HIGH | N/A |
|
Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.
|
|||||
| CVE-2004-0796 | 1 Spamassassin | 1 Spamassassin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages.
|
|||||
| CVE-2005-3315 | 1 Novell | 1 Zenworks Patch Management Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp.
|
|||||
| CVE-2004-0834 | 3 Gentoo, Mandrakesoft, Speedtouch | 5 Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.
|
|||||
| CVE-2005-1415 | 1 Globalscape | 1 Secure Ftp Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command.
|
|||||
| CVE-2005-1606 | 1 Positive Software | 1 H-sphere Winbox | 2025-04-03 | 4.6 MEDIUM | N/A |
|
H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges.
|
|||||
| CVE-2004-0514 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups."
|
|||||
| CVE-2006-4133 | 1 Sap | 1 Internet Graphics Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation.
|
|||||
| CVE-2001-0040 | 1 Apc | 1 Apcupsd | 2025-04-03 | 2.1 LOW | N/A |
|
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
|
|||||
| CVE-2006-3694 | 1 Yukihiro Matsumoto | 1 Ruby | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
|
|||||
| CVE-2004-1795 | 1 Info Touch | 1 Surfnet | 2025-04-03 | 2.1 LOW | N/A |
|
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.
|
|||||
| CVE-1999-0439 | 2 Caldera, Procmail | 2 Openlinux, Procmail | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.
|
|||||