Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1423 | 1 Software602 | 1 602lan Suite | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences in the A parameter.
|
|||||
| CVE-2000-0350 | 1 Networkice | 1 Icecap Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events.
|
|||||
| CVE-2002-0249 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
|
|||||
| CVE-2003-0772 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments.
|
|||||
| CVE-2005-2118 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
|
|||||
| CVE-2005-2289 | 1 Phpcounter | 1 Phpcounter | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHPCounter 7.2 allows remote attackers to obtain sensitive information via a direct request to prelims.php, which reveals the path in an error message.
|
|||||
| CVE-2000-0259 | 1 Microsoft | 2 Terminal Server, Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
|
The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allows local users to obtain compromise the cryptographic keys of other users.
|
|||||
| CVE-2000-1203 | 1 Lotus | 1 Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
|
|||||
| CVE-2002-1809 | 1 Oracle | 1 Mysql | 2025-04-03 | 7.5 HIGH | N/A |
|
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
|
|||||
| CVE-2006-0574 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.
|
|||||
| CVE-2005-0304 | 1 Divx | 1 Divx Player | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin.
|
|||||
| CVE-2004-2577 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.
|
|||||
| CVE-2002-1533 | 1 Jetty | 1 Jetty | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).
|
|||||
| CVE-2000-0215 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges.
|
|||||
| CVE-2000-0117 | 1 Sun | 3 Cobalt Raq, Cobalt Raq 2, Cobalt Raq 3i | 2025-04-03 | 7.2 HIGH | N/A |
|
The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).
|
|||||
| CVE-2005-1039 | 1 Gnu | 1 Coreutils | 2025-04-03 | 3.7 LOW | N/A |
|
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
|
|||||
| CVE-2001-0178 | 4 Caldera, Conectiva, Mandrakesoft and 1 more | 5 Openlinux Edesktop, Linux, Mandrake Linux and 2 more | 2025-04-03 | 2.1 LOW | N/A |
|
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
|
|||||
| CVE-2001-0562 | 1 Drummond Miles | 1 A1stats | 2025-04-03 | 7.5 HIGH | N/A |
|
a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters.
|
|||||
| CVE-2004-0280 | 1 Caucho Technology | 1 Resin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20.
|
|||||
| CVE-2000-0061 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 10.0 HIGH | N/A |
|
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.
|
|||||
| CVE-2000-0683 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
|
|||||
| CVE-2005-1086 | 1 An | 1 An-httpd | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header.
|
|||||
| CVE-2000-0238 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.
|
|||||
| CVE-2005-3003 | 1 Noosoftware | 1 Nootoplist | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in NooTopList 1.0.0 release 17 allows remote attackers to execute arbitrary SQL commands via the (1) o or (2) sort parameters.
|
|||||
| CVE-2005-0713 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges.
|
|||||
| CVE-2006-2533 | 1 Greg Donald | 1 Destiney Rated Images Script | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag.
|
|||||
| CVE-2002-1223 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
|
|||||
| CVE-2002-1621 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2006-1814 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A |
|
NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service (memory exhaustion) by using the sysctl system call to lock a large buffer into physical memory.
|
|||||
| CVE-2006-0905 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2025-04-03 | 7.5 HIGH | N/A |
|
A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.
|
|||||
| CVE-2001-0376 | 1 Sonicwall | 2 Soho2, Tele2 | 2025-04-03 | 7.5 HIGH | N/A |
|
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used.
|
|||||
| CVE-2002-0981 | 1 Caldera | 2 Openunix, Unixware | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line.
|
|||||
| CVE-2006-4744 | 1 Abidia | 2 Abidia Wireless, O-anywhere | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing.
|
|||||
| CVE-2004-2413 | 1 Virtual Programming | 1 Vp-asp | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp.
|
|||||
| CVE-2005-1270 | 1 Gentoo | 1 Rootkit Hunter | 2025-04-03 | 2.1 LOW | N/A |
|
The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2006-0136 | 1 Phanatic Softwares | 1 Chimera Web Portal | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters.
|
|||||
| CVE-2002-1633 | 1 Qnx | 1 Qnx Rtos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Multiple buffer overflows in QNX 4.25 may allow local users to execute arbitrary code via long command line arguments to (1) sample, (2) ex, (3) du, (4) find, (5) lex, (6) mkdir, (7) rm, (8) serserv, (9) tcpserv, (10) termdef, (11) time, (12) unzip, (13) use, (14) wcc, (15) wcc386, (16) wd, (17) wdisasm, (18) which, (19) wlib, (20) wlink, (21) wpp, (22) wpp386, (23) wprof, (24) write, or (25) wstrip.
|
|||||
| CVE-2006-4977 | 1 Walter Beschmout | 1 Phpquiz | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter.
|
|||||
| CVE-1999-0912 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
|
FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.
|
|||||
| CVE-2000-1162 | 1 Aladdin Enterprises | 1 Ghostscript | 2025-04-03 | 3.7 LOW | N/A |
|
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
|
|||||