Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0258 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs.
|
|||||
| CVE-2004-2092 | 1 Broadcom | 1 Inoculateit | 2025-04-03 | 4.6 MEDIUM | N/A |
|
eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information.
|
|||||
| CVE-2006-1897 | 1 Talentsoft | 1 Web\+ Shop | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message.
|
|||||
| CVE-2006-4622 | 1 Comscripts | 1 Annoncev | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
|
|||||
| CVE-2003-0032 | 1 Mcrypt | 1 Libmcrypt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool.
|
|||||
| CVE-2004-1302 | 1 Yamt | 1 Yamt | 2025-04-03 | 10.0 HIGH | N/A |
|
The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag.
|
|||||
| CVE-2006-4275 | 1 Mambo | 1 Catalogshop Component | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
|
|||||
| CVE-2001-1016 | 1 Pgp | 5 Corporate Desktop, E-business Server, Freeware and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."
|
|||||
| CVE-1999-1013 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file.
|
|||||
| CVE-2006-3208 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB.
|
|||||
| CVE-2002-0024 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download.
|
|||||
| CVE-2001-0115 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.
|
|||||
| CVE-2001-0859 | 1 Redhat | 1 Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions.
|
|||||
| CVE-2003-0664 | 1 Microsoft | 2 Word, Works | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
|
|||||
| CVE-2006-2437 | 1 Caucho Technology | 1 Resin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter.
|
|||||
| CVE-2003-0633 | 1 Oracle | 2 Applications, E-business Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key.
|
|||||
| CVE-2006-2208 | 1 Planetluc | 1 Mynews | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page parameters.
|
|||||
| CVE-2005-0952 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||
| CVE-2006-0213 | 1 Kolab | 1 Kolab Groupware Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.
|
|||||
| CVE-2005-3781 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries."
|
|||||
| CVE-2006-4040 | 1 Mywebland | 1 Myevent | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.
|
|||||
| CVE-2000-0474 | 1 Realnetworks | 1 Realserver | 2025-04-03 | 7.8 HIGH | N/A |
|
Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.
|
|||||
| CVE-2006-3397 | 1 Pkr Internet | 1 Taskjitsu | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task.
|
|||||
| CVE-2004-1347 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
X Display Manager (XDM) on Solaris 8 allows remote attackers to cause a denial of service (XDM crash) via an invalid X Display Manager Control Protocol (XDMCP) request.
|
|||||
| CVE-1999-0318 | 4 Hp, Ibm, Redhat and 1 more | 5 Hp-ux, Aix, Linux and 2 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
|
|||||
| CVE-2004-1303 | 1 Yanf | 1 Yanf | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to execute arbitrary code via crafted HTTP responses.
|
|||||
| CVE-2005-0626 | 1 Squid | 1 Squid | 2025-04-03 | 2.6 LOW | N/A |
|
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
|
|||||
| CVE-2006-2676 | 1 Sitescape | 1 Sitescape Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames.
|
|||||
| CVE-2006-1114 | 1 Gerrit Van Aaken | 1 Loudblog | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php.
|
|||||
| CVE-2000-0860 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
|
|||||
| CVE-1999-0200 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
Windows NT FTP server (WFTP) with the guest account enabled without a password allows an attacker to log into the FTP server using any username and password.
|
|||||
| CVE-2004-0437 | 1 South River Technologies | 1 Titan Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket.
|
|||||
| CVE-2006-0551 | 1 Oracle | 1 Database Server | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB06 from the January 2006 CPU, in which case this would be subsumed ...
Show More |
|||||
| CVE-2006-4049 | 1 Sun | 1 Ray Server Software | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors.
|
|||||
| CVE-2002-1936 | 1 Utstarcom | 1 Bas 1000 | 2025-04-03 | 7.5 HIGH | N/A |
|
UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a password of "snmp", or (4) dbase account with a password of "dbase".
|
|||||
| CVE-2005-3199 | 1 Aspready Faq Manager | 1 Aspready Faq Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ allow remote attackers to execute arbitrary SQL commands, possibly via the (1) txtLogin and (2) txtPassword parameters.
|
|||||
| CVE-2006-0701 | 1 Imagevue | 1 Imagevue | 2025-04-03 | 5.0 MEDIUM | N/A |
|
readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters.
|
|||||
| CVE-2006-0570 | 1 Hinton Design | 1 Phpstatus | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface.
|
|||||
| CVE-2006-2919 | 1 Microsoft | 1 Netmeeting | 2025-04-03 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption.
|
|||||
| CVE-2003-1221 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.
|
|||||