Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4239 | 1 Php Jackknife | 1 Php Jackknife | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter.
|
|||||
| CVE-2004-1658 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable.
|
|||||
| CVE-2006-0727 | 1 Musox | 1 Df Msanalysis | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name.
|
|||||
| CVE-2006-4452 | 1 Web3king | 1 Web3news | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PHPSECURITYADMIN_PATH parameter.
|
|||||
| CVE-2006-4331 | 1 Wireshark | 1 Wireshark | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
|
|||||
| CVE-2002-0773 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 10.0 HIGH | N/A |
|
imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath.
|
|||||
| CVE-2003-1185 | 1 Thwboard | 1 Thwboard | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.
|
|||||
| CVE-2005-0632 | 1 Phpnews | 1 Phpnews | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter.
|
|||||
| CVE-2003-0969 | 1 Mpg321 | 1 Mpg321 | 2025-04-03 | 7.5 HIGH | N/A |
|
mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability.
|
|||||
| CVE-2001-0976 | 1 Hp | 1 Process Resource Manager | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables.
|
|||||
| CVE-2005-2430 | 1 Gforge | 1 Gforge | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form.
|
|||||
| CVE-2006-0440 | 1 Text Rider | 1 Text Rider | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.
|
|||||
| CVE-2001-1318 | 1 Qualcomm | 1 Eudora Worldmail Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
|
|||||
| CVE-1999-1054 | 1 Globetrotter | 1 Flexlm | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command.
|
|||||
| CVE-2002-0345 | 1 Symantec | 1 Norton Ghost | 2025-04-03 | 7.5 HIGH | N/A |
|
Symantec Ghost 7.0 stores usernames and passwords in plaintext in the NGServer\params registry key, which could allow an attacker to gain privileges.
|
|||||
| CVE-2001-0212 | 1 His | 1 Auktion | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in HIS Auktion 1.62 allows remote attackers to read arbitrary files via a .. (dot dot) in the menue parameter, and possibly execute commands via shell metacharacters.
|
|||||
| CVE-2005-0426 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference.
|
|||||
| CVE-2006-2903 | 1 Particle Soft | 1 Particle Links | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
|
|||||
| CVE-2005-1283 | 1 Argosoft | 1 Argosoft Mail Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367.
|
|||||
| CVE-2004-2585 | 1 Smartertools | 1 Smartermail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area.
|
|||||
| CVE-2004-1096 | 10 Broadcom, Ca, Eset Software and 7 more | 22 Brightstor Arcserve Backup, Etrust Antivirus, Etrust Antivirus Gateway and 19 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
|
|||||
| CVE-2004-1219 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session.
|
|||||
| CVE-2005-1182 | 1 Ibm | 1 Os 400 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs.
|
|||||
| CVE-2004-0933 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
|
|||||
| CVE-2002-0997 | 1 Novell | 2 Netmail, Netmail Xe | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
|
|||||
| CVE-2006-4071 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 2.6 LOW | N/A |
|
Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
|
|||||
| CVE-2004-2373 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 7.5 HIGH | N/A |
|
The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.
|
|||||
| CVE-2006-3983 | 1 Ekilat Llc | 1 Php\(reactor\) | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter.
|
|||||
| CVE-2004-1118 | 1 Weonlydo | 1 Wodftpdlx Activex Component | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component before 2.3.2.97, as used by CoffeeCup Direct FTP 6.2.0.62 and CoffeeCup Free FTP 3.0.0.10, and possibly other applications, allows remote attackers to execute arbitrary code via a long filename.
|
|||||
| CVE-2005-3651 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the dissect_ospf_v3_address_prefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other versions, allows remote attackers to execute arbitrary code via crafted packets.
|
|||||
| CVE-2003-1056 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2004-2449 | 1 Gamespy | 2 Roger Wilco Dedicated Server, Roger Wilco Graphical Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier allows remote attackers to cause a denial of service (application crash) via a long, malformed UDP datagram.
|
|||||
| CVE-2002-1425 | 1 John G. Myers | 1 Mpack | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.
|
|||||
| CVE-2006-3808 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-03 | 7.5 HIGH | N/A |
|
Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.
|
|||||
| CVE-2004-2288 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.
|
|||||
| CVE-2001-0413 | 1 Bintec | 3 X1000, X1200, X4000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang.
|
|||||
| CVE-2004-2396 | 1 Mandrakesoft | 3 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall | 2025-04-03 | 7.2 HIGH | N/A |
|
passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.
|
|||||
| CVE-1999-0693 | 3 Hp, Ibm, Sco | 3 Hp-ux, Aix, Unixware | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
|
|||||
| CVE-2003-0993 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A |
|
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
|
|||||
| CVE-2005-0990 | 1 Gnu | 1 Sharutils | 2025-04-03 | 2.1 LOW | N/A |
|
unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.
|
|||||