Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1771 | 1 Saxotech | 1 Saxopress | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXoPRESS, aka Saxotech Online (formerly Publicus) allows remote attackers to read arbitrary files and possibly execute arbitrary programs via a .. (dot dot) in the url parameter. |
| CVE-2003-1563 | 1 Sun | 3 Cluster, Solaris, Sunos | 2025-04-03 | 4.0 MEDIUM | N/A |
| Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration. |
| CVE-2006-3420 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2005-4375 | 1 Box Uk | 1 Amaxus | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant from CVE-2005-4376. |
| CVE-1999-1403 | 1 Ibm | 1 Tivoli Opc Tracker Agent | 2025-04-03 | 7.2 HIGH | N/A |
| IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files. |
| CVE-2000-0918 | 1 Kde | 1 Kvt | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters. |
| CVE-2002-2087 | 1 Borland Software | 1 Interbase | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server. |
| CVE-1999-1458 | 1 Digital | 1 Unix | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in at program in Digital UNIX 4.0 allows local users to gain root privileges via a long command line argument. |
| CVE-2002-1719 | 1 Bavo | 1 Bavo | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages. |
| CVE-2002-0742 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in pioout on AIX 4.3.3. |
| CVE-2004-0495 | 6 Avaya, Conectiva, Gentoo and 3 more | 18 Converged Communications Server, Intuity Audix, Modular Messaging Message Storage Server and 15 more | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. |
| CVE-1999-1351 | 1 Kvirc | 1 Irc Client | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request. |
| CVE-2005-4378 | 1 Nma | 1 Baseline Cms | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to execute arbitrary SQL commands via the SiteNodeID parameter. |
| CVE-2005-1821 | 1 Powerscripts.org | 1 Powerdownload | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php. |
| CVE-2005-2107 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. |
| CVE-2002-0525 | 1 Isc | 1 Inn | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NNTP responses. |
| CVE-2005-2693 | 1 Cvs | 1 Cvs | 2025-04-03 | 4.6 MEDIUM | N/A |
| cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack. |
| CVE-2006-0055 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
| The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. |
| CVE-2005-2065 | 1 Asp-nuke | 1 Asp-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the LangCode parameter. |
| CVE-2005-0487 | 1 Kayako | 1 Esupport | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter. |
| CVE-2004-0817 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. |
| CVE-2004-1782 | 1 David Maciejak | 1 Athena Web Registration | 2025-04-03 | 7.5 HIGH | N/A |
| athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter. |
| CVE-2005-1056 | 1 Hp | 1 Openview Network Node Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in HP OpenView Network Node Manager (NNM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service. |
| CVE-2000-0453 | 1 Xfree86 Project | 1 X11r6 | 2025-04-03 | 5.0 MEDIUM | N/A |
| XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000. |
| CVE-2001-0898 | 1 Opera Software | 1 Opera Web Browser | 2025-04-03 | 5.0 MEDIUM | N/A |
| Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache. |
| CVE-2005-2242 | 1 Cisco | 1 Call Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). |
| CVE-2001-0198 | 1 Apple | 1 Quicktime | 2025-04-03 | 7.6 HIGH | N/A |
| Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag. |
| CVE-2005-0982 | 1 Yet Another Forum.net | 1 Yet Another Forum.net | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Yet Another Forum.net 0.9.9 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, or (3) Subject field. |
| CVE-2006-2359 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. |
| CVE-2006-4105 | 1 Fill Threads Database | 1 Fill Threads Database | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message. |
| CVE-2005-3568 | 1 Ibm | 1 Db2 Content Manager | 2025-04-03 | 2.1 LOW | N/A |
| db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING." |
| CVE-2000-0630 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
| IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability. |
| CVE-1999-1487 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifying any file on the system. |
| CVE-2000-1003 | 1 Microsoft | 3 Windows 95, Windows 98, Windows 98se | 2025-04-03 | 2.6 LOW | N/A |
| NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash. |
| CVE-2000-1096 | 1 Paul Vixie | 1 Vixie Cron | 2025-04-03 | 3.7 LOW | N/A |
| crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file. |
| CVE-2005-3902 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script. |
| CVE-1999-0958 | 1 Todd Miller | 1 Sudo | 2025-04-03 | 7.2 HIGH | N/A |
| sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack. |
| CVE-2001-0173 | 2 Nobreak Technologies, Qdecoder | 2 Crazywwwboard, Qdecoder | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header. |
| CVE-2005-0403 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2025-04-03 | 7.2 HIGH | N/A |
| init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure. |
| CVE-2006-0802 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation. |