Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1408 | 1 Hp | 2 Openview Emanate Snmp Agent, Vvos | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name.
|
|||||
| CVE-2005-2789 | 1 Bfcommand And Control Software | 2 Bfcc, Bfvcc | 2025-04-03 | 7.5 HIGH | N/A |
|
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username.
|
|||||
| CVE-2001-1191 | 1 Ibm | 1 Tivoli Secureway Policy Director | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e.
|
|||||
| CVE-2005-2958 | 1 Gnome | 1 Libgda2 | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.
|
|||||
| CVE-2004-2281 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3.
|
|||||
| CVE-2002-1797 | 1 Hp | 1 Chaivm | 2025-04-03 | 4.6 MEDIUM | N/A |
|
ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hosted by the ChaiServer.
|
|||||
| CVE-2002-0056 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.
|
|||||
| CVE-2004-0467 | 1 Juniper | 1 Junos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed.
|
|||||
| CVE-2005-3361 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306.
|
|||||
| CVE-2001-0963 | 1 Pi-soft | 1 Spoonftp | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command.
|
|||||
| CVE-2004-0429 | 1 Apple | 1 Mac Os X | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors.
|
|||||
| CVE-2004-2226 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server.
|
|||||
| CVE-2006-3496 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.
|
|||||
| CVE-2002-1553 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist.
|
|||||
| CVE-2005-2902 | 1 Class-1 | 1 Class-1 Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in class-1 Forum Software 0.24.4 allows remote attackers to execute arbitrary SQL commands and bypass the file extension check via SQL code in the file extension of an uploaded file.
|
|||||
| CVE-2001-1068 | 1 Qualcomm | 1 Qpopper | 2025-04-03 | 5.0 MEDIUM | N/A |
|
qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system.
|
|||||
| CVE-1999-0131 | 8 Bsdi, Digital, Eric Allman and 5 more | 9 Bsd Os, Osf 1, Sendmail and 6 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
|
|||||
| CVE-2006-0194 | 1 Fog Creek Software | 1 Fogbugz | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page.
|
|||||
| CVE-2000-0777 | 1 Microsoft | 1 Money | 2025-04-03 | 7.2 HIGH | N/A |
|
The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.
|
|||||
| CVE-2000-0207 | 1 Sgi | 2 Infosearch, Irix | 2025-04-03 | 7.5 HIGH | N/A |
|
SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.
|
|||||
| CVE-2005-3926 | 1 Guppy | 1 Guppy | 2025-04-03 | 7.5 HIGH | N/A |
|
Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script.
|
|||||
| CVE-2005-1621 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php.
|
|||||
| CVE-2006-2143 | 1 Jcink | 1 Textfilebb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags.
|
|||||
| CVE-2004-1945 | 1 Kinesphere Corporation | 1 Exchange Pop3 | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field.
|
|||||
| CVE-2006-0985 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.
|
|||||
| CVE-2004-1284 | 1 Mpg123 | 1 Mpg123 | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.
|
|||||
| CVE-2001-0456 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
|
|||||
| CVE-2006-0668 | 1 Pwsphp | 1 Pwsphp | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in message.php in the espace_membre module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2005-3036 | 1 Ttxn | 1 File Transfer Anywhere | 2025-04-03 | 4.6 MEDIUM | N/A |
|
File Transfer Anywhere 3.01 stores sensitive password information in plaintext in the PASS value in the "File Transfer Anywhere" registry key, which allows local users to gain privileges.
|
|||||
| CVE-2004-0405 | 1 Cvs | 1 Cvs | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
|
|||||
| CVE-2001-0740 | 1 3com | 2 3c840-us, 3cp4144 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability.
|
|||||
| CVE-2006-3769 | 1 Top Xl | 1 Top Xl | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php.
|
|||||
| CVE-2006-2542 | 1 Ti Kan | 1 Xmcd | 2025-04-03 | 2.1 LOW | N/A |
|
xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption).
|
|||||
| CVE-2006-1811 | 1 Flexbb | 1 Flexbb | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signature, and (13) Sub-Titles fields in the user profile; or (14) flexbb_password field in a cookie.
|
|||||
| CVE-2005-1321 | 1 Horde | 1 Vaction | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
|
|||||
| CVE-2002-1052 | 1 W3c | 1 Jigsaw | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.
|
|||||
| CVE-2002-1870 | 1 Sws | 1 Sws Simple Web Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution.
|
|||||
| CVE-2005-0266 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter.
|
|||||
| CVE-2004-2480 | 1 National Science Foundation | 1 Squid Web Proxy Cache | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.
|
|||||
| CVE-2002-0980 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.
|
|||||