Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2002-0342 | 1 Kde | 1 K-mail | 2025-04-03 | 5.0 MEDIUM | N/A | Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long. |
| CVE-2003-1231 | 1 Ecw-shop | 1 Ecw-shop | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. |
| CVE-2006-3112 | 1 Chipmailer | 1 Chipmailer | 2025-04-03 | 5.0 MEDIUM | N/A | Chipmailer 1.09 allows remote attackers to obtain sensitive information via a direct request to php.php, which displays the output of the phpinfo function. |
| CVE-2001-0289 | 1 Joseph Allen | 1 Joe | 2025-04-03 | 4.6 MEDIUM | N/A | Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory. |
| CVE-2006-0490 | 1 Aspthai.net | 1 Aspthai Forums | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums 8.0 and earlier allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the password field. |
| CVE-2006-2118 | 1 Jmk Web Scripts | 1 Jmk Picture Gallery | 2025-04-03 | 7.5 HIGH | N/A | JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action. |
| CVE-2004-1665 | 1 Psnews | 1 Psnews | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter. |
| CVE-2006-2418 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. |
| CVE-2005-0868 | 4 Bosanova, Ibm, Mochasoft and 1 more | 4 Launcher400, Client Access, Tn5250 and 1 more | 2025-04-03 | 7.5 HIGH | N/A | AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC. |
| CVE-2003-1265 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2025-04-03 | 2.1 LOW | N/A | Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. |
| CVE-2004-2641 | 1 Sun | 2 Netra 1280, Sun Fire | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set. |
| CVE-2001-1132 | 1 Gnu | 1 Mailman | 2025-04-03 | 7.5 HIGH | N/A | Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication. |
| CVE-2003-0470 | 1 Symantec | 1 Security Check | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings. |
| CVE-2005-3936 | 1 Socketkb | 1 Socketkb | 2025-04-03 | 7.5 HIGH | N/A | PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the __f parameter. |
| CVE-2000-0381 | 1 Gossamer Threads | 1 Dbman | 2025-04-03 | 6.4 MEDIUM | N/A | The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter. |
| CVE-2001-1229 | 2 Icecast, Libshout | 2 Icecast, Libshout | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. |
| CVE-2001-0845 | 1 Dec | 4 Dec Openvms, Dec Openvms Alpha, Sevms and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A | Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources. |
| CVE-2004-2668 | 1 Interchange Development Group | 1 Interchange | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2002-1133 | 1 Funsoft | 1 Dinos Webserver | 2025-04-03 | 5.0 MEDIUM | N/A | Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f) or (2) "\" (%5c) characters. |
| CVE-1999-1022 | 1 Sgi | 1 Irix | 2025-04-03 | 6.2 MEDIUM | N/A | serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program. |
| CVE-2000-0894 | 1 Watchguard | 1 Soho Firewall | 2025-04-03 | 10.0 HIGH | N/A | HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities. |
| CVE-2006-3382 | 1 Mads | 1 Mads | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via the "search string". |
| CVE-2006-1112 | 1 Aztek Forum | 1 Aztek Forum | 2025-04-03 | 5.0 MEDIUM | N/A | Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message. |
| CVE-2001-1158 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 7.5 HIGH | N/A | Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts. |
| CVE-2004-1639 | 1 Mozilla | 3 Firefox, Gecko, Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A | Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. |
| CVE-2005-3387 | 1 Luca Deri | 1 Ntop | 2025-04-03 | 4.6 MEDIUM | N/A | The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code. |
| CVE-2006-0500 | 1 Punctweb | 1 Myco Guestbook | 2025-04-03 | 7.5 HIGH | N/A | MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL. |
| CVE-2004-0212 | 2 Avaya, Microsoft | 8 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 5 more | 2025-04-03 | 10.0 HIGH | N/A | Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share. |
| CVE-2006-3317 | 1 Spiffyjr | 1 Phpraid | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116. |
| CVE-2005-2198 | 1 Spid | 1 Spid | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter. |
| CVE-2005-1152 | 1 Debian | 1 Qpopper | 2025-04-03 | 2.1 LOW | N/A | popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions. |
| CVE-2005-1793 | 1 Microsoft | 1 Windows 98se | 2025-04-03 | 2.6 LOW | N/A | User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values. |
| CVE-2005-1497 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 5.0 MEDIUM | N/A | index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message. |
| CVE-2006-1669 | 1 Phpheaven | 1 Phpmychat | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue. |
| CVE-2002-0244 | 1 Atheos | 1 Atheos | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir. |
| CVE-2006-3672 | 1 Kde | 1 Konqueror | 2025-04-03 | 2.6 LOW | N/A | KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. |
| CVE-2004-0485 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A | The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume. |
| CVE-2003-0574 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A | Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028. |
| CVE-2006-2295 | 1 Timobraun | 1 Dynamic Galerie | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote attackers to access arbitrary files via an absolute path in the pfad parameter to (1) index.php and (2) galerie.php. |
| CVE-2005-1400 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A | The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. |