Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1040 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable.
|
|||||
| CVE-2006-2517 | 1 Fujitsu | 1 Myweb Portal Office | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
|
|||||
| CVE-2006-0880 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and (3) lowerTemplate parameters.
|
|||||
| CVE-2005-2805 | 1 E107 | 1 E107 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.
|
|||||
| CVE-2006-0552 | 1 Oracle | 12 10g Enterprise Manager Grid Control, Application Server, Collaboration Suite and 9 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.
|
|||||
| CVE-2003-0848 | 1 Slocate | 1 Slocate | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
|
|||||
| CVE-2005-1405 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 2.1 LOW | N/A |
|
HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications.
|
|||||
| CVE-2004-2125 | 1 Iss | 4 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value.
|
|||||
| CVE-1999-0580 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.
|
|||||
| CVE-2005-2886 | 1 Maxdev | 1 Md-pro | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via (1) the print parameter to the print module, the sitename parameter to (2) bb_smilies or (3) bbcode_ref module, or (4) the hlpfile parameter to openwindow.php.
|
|||||
| CVE-2005-3318 | 1 Jed Wing | 1 Chm Lib | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930.
|
|||||
| CVE-2003-0592 | 1 Kde | 2 Konqueror, Konqueror Embedded | 2025-04-03 | 7.5 HIGH | N/A |
|
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
|
|||||
| CVE-2003-0779 | 1 Digium | 1 Asterisk | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
|
|||||
| CVE-1999-0306 | 1 Hp | 1 Vvos | 2025-04-03 | 7.2 HIGH | N/A |
|
buffer overflow in HP xlock program.
|
|||||
| CVE-2002-2138 | 1 Hp | 2 Advanced Server 9000, Hp-ux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139.
|
|||||
| CVE-2004-0970 | 1 Gnu | 1 Gzip | 2025-04-03 | 2.1 LOW | N/A |
|
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
|
|||||
| CVE-2006-3402 | 1 Virtuastore | 1 Virtuastore | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in.
|
|||||
| CVE-2003-0623 | 1 Bea | 2 Tuxedo, Weblogic Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.
|
|||||
| CVE-2006-4969 | 1 Wahm E-commerce | 1 Pie Cart Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php.
|
|||||
| CVE-2005-1645 | 1 Keyvan1 | 1 Imagegallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2002-0808 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.
|
|||||
| CVE-1999-0884 | 1 Zeus Technologies | 1 Zeus Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Zeus web server administrative interface uses weak encryption for its passwords.
|
|||||
| CVE-2006-4313 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.
|
|||||
| CVE-2006-0678 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 1.5 LOW | N/A |
|
PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553.
|
|||||
| CVE-2006-2074 | 1 Juniper | 1 Junose | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS "client code," as demonstrated by the OUSPG PROTOS DNS test suite.
|
|||||
| CVE-2005-1716 | 1 Ej3 | 1 Topo | 2025-04-03 | 5.0 MEDIUM | N/A |
|
TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses.
|
|||||
| CVE-2001-0828 | 1 Caucho Technology | 1 Resin | 2025-04-03 | 5.1 MEDIUM | N/A |
|
A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.
|
|||||
| CVE-2006-0898 | 1 Lincoln D. Stein | 1 Crypt Cbc | 2025-04-03 | 2.6 LOW | N/A |
|
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.
|
|||||
| CVE-2005-2904 | 1 Zebedee | 1 Zebedee | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Zebedee 2.4.1, when "allowed redirection port" is not set, allows remote attackers to cause a denial of service (application crash) via a zero in the port number of the protocol option header, which triggers an assert error in the makeConnection function in zebedee.c.
|
|||||
| CVE-2006-1153 | 1 D2-shoutbox | 1 D2-shoutbox | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB).
|
|||||
| CVE-2000-1012 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
|
The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.
|
|||||
| CVE-2000-0770 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 6.4 MEDIUM | N/A |
|
IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.
|
|||||
| CVE-2001-0946 | 1 Redhat | 1 Linux | 2025-04-03 | 3.6 LOW | N/A |
|
apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins.
|
|||||
| CVE-1999-0304 | 4 Bsdi, Freebsd, Netbsd and 1 more | 4 Bsd Os, Freebsd, Netbsd and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
mmap function in BSD allows local attackers in the kmem group to modify memory through devices.
|
|||||
| CVE-2005-1068 | 1 Scssboard | 1 Scssboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via [url] tags.
|
|||||
| CVE-2002-2093 | 1 Sgi | 1 Irix | 2025-04-03 | 2.1 LOW | N/A |
|
The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is set to "Output Video", allows attackers to access a console session by running videoout then videoin.
|
|||||
| CVE-1999-1024 | 1 Lbl | 1 Tcpdump | 2025-04-03 | 7.5 HIGH | N/A |
|
ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet.
|
|||||
| CVE-2005-2686 | 1 Savewebportal | 1 Savewebportal | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.
|
|||||
| CVE-2006-0561 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.
|
|||||
| CVE-2006-2909 | 1 Picozip | 1 Picozip | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive.
|
|||||