Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1066 | 1 University Of Washington | 1 Pine | 2025-04-03 | 1.2 LOW | N/A |
|
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2002-2165 | 1 Imho | 1 Imho Webmail | 2025-04-03 | 2.1 LOW | N/A |
|
The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox.
|
|||||
| CVE-2004-2726 | 1 Mailenable | 1 Mailenable | 2025-04-03 | 5.0 MEDIUM | N/A |
|
HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and application crash). NOTE: This is a different vulnerability than CVE-2005-1348.
|
|||||
| CVE-2005-3457 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS.
|
|||||
| CVE-2004-2216 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.
|
|||||
| CVE-2005-2945 | 1 Arc | 1 Arc | 2025-04-03 | 2.1 LOW | N/A |
|
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).
|
|||||
| CVE-2003-1245 | 1 Mambo | 1 Mambo Site Server | 2025-04-03 | 10.0 HIGH | N/A |
|
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie.
|
|||||
| CVE-1999-0424 | 1 Netscape | 1 Communicator | 2025-04-03 | 2.1 LOW | N/A |
|
talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.
|
|||||
| CVE-2005-2890 | 1 Secureol | 1 Ve2 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
SecureOL VE2 1.05.1008 does not properly restrict public access to physical memory, which allows local users to bypass intended restrictions and gain access to the secured environment via direct access to the PhysicalMemory device.
|
|||||
| CVE-2005-0274 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters.
|
|||||
| CVE-2005-3986 | 1 Verosky Media | 1 Instant Photo Gallery | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php.
|
|||||
| CVE-2004-0627 | 1 Mysql | 1 Mysql | 2025-04-03 | 10.0 HIGH | N/A |
|
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
|
|||||
| CVE-2006-2962 | 1 Oxfam Australia | 1 Emergencies Personnel Information System | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter.
|
|||||
| CVE-2001-0519 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2025-04-03 | 7.5 HIGH | N/A |
|
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags.
|
|||||
| CVE-2005-2323 | 2 Class-1, Clever Copy | 2 Class-1 Forum, Clever Copy | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php.
|
|||||
| CVE-2006-1976 | 1 Geekforgod.net | 1 Prayer Request Board | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer Request Board (PRB) Beta 1 before 20060320 allows remote attackers to inject arbitrary web script or HTML via the Request field.
|
|||||
| CVE-2001-1292 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
|
|||||
| CVE-1999-1406 | 1 Redhat | 1 Linux | 2025-04-03 | 2.1 LOW | N/A |
|
dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.
|
|||||
| CVE-2006-0810 | 1 Skate Board | 1 Skate Board | 2025-04-03 | 3.5 LOW | N/A |
|
Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection.
|
|||||
| CVE-2005-4628 | 1 Help Desk Point Software | 1 Helpdeskpoint | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2004-2637 | 1 Zonet | 1 Zsr1104we Wireless Router Runtime Code | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypass intended security restrictions.
|
|||||
| CVE-2002-2173 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message.
|
|||||
| CVE-1999-0846 | 1 Deerfield | 1 Mdaemon | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in MDaemon 2.7 via a large number of connection attempts.
|
|||||
| CVE-2002-1012 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
|
|||||
| CVE-2006-4596 | 1 Mybace Light | 1 Mybace Light | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php.
|
|||||
| CVE-2005-0629 | 1 427bb | 1 Fourtwosevenbb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.
|
|||||
| CVE-2001-0161 | 1 Cisco | 1 Aironet | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks.
|
|||||
| CVE-2006-1714 | 1 Phpmyforum | 1 Phpmyforum | 2025-04-03 | 7.5 HIGH | N/A |
|
CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter.
|
|||||
| CVE-2001-1357 | 1 Phpheaven | 1 Phpmychat | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables.
|
|||||
| CVE-2005-0317 | 1 Alt-n | 1 Webadmin | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
|
|||||
| CVE-2004-0741 | 1 Lionmax Software | 1 Www File Share Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow.
|
|||||
| CVE-2006-1358 | 1 Oracle | 1 Weblogic Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
|
|||||
| CVE-2003-0069 | 1 Putty | 1 Putty | 2025-04-03 | 7.5 HIGH | N/A |
|
The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
|
|||||
| CVE-2005-1857 | 1 Simpleproxy | 1 Simpleproxy | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply.
|
|||||
| CVE-2002-0693 | 1 Microsoft | 7 Windows 2000, Windows 2000 Terminal Services, Windows 98 and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
|
|||||
| CVE-2004-0852 | 1 Htget | 1 Htget | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in htget 0.93 allows remote attackers to execute arbitrary code via a crafted URL.
|
|||||
| CVE-2002-1155 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in KON kon2 0.3.9b and earlier allows local users to execute arbitrary code via a long -Coding command line argument.
|
|||||
| CVE-2000-0751 | 3 Netbsd, Openbsd, Redhat | 3 Netbsd, Openbsd, Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
|
|||||
| CVE-2005-4488 | 1 Computeroil | 1 Redakto Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Redakto WCMS 3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) iid, (2) iid2, (3) r, (4) cart, (5) str, (6) nf, and (7) a parameters.
|
|||||
| CVE-1999-1468 | 4 Cray, Next, Sgi and 1 more | 4 Unicos, Next, Irix and 1 more | 2025-04-03 | 6.2 MEDIUM | N/A |
|
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
|
|||||