Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1263 | 1 Pragma Systems | 1 Interaccess | 2025-04-03 | 5.0 MEDIUM | N/A |
|
telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow.
|
|||||
| CVE-2005-4498 | 1 Text-e | 1 Text-e Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
|
|||||
| CVE-2001-0355 | 1 Novell | 1 Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies.
|
|||||
| CVE-2002-0726 | 1 Microsoft | 1 Tsac Activex Control | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field.
|
|||||
| CVE-2000-0632 | 1 Lsoft | 1 Listserv | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string.
|
|||||
| CVE-2002-2166 | 1 E-zone Media Inc. | 1 Fusetalk | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 allows remote attackers to insert arbitrary HTML and web script.
|
|||||
| CVE-2005-1575 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160.
|
|||||
| CVE-2005-2488 | 1 Web Content Management | 1 Web Content Management News System | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.
|
|||||
| CVE-2006-2465 | 1 Mp3info | 1 Mp3info | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
|
|||||
| CVE-2004-0781 | 1 Icecast | 1 Icecast | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter.
|
|||||
| CVE-2002-1658 | 1 Apache | 1 Http Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
|
|||||
| CVE-2005-1893 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message.
|
|||||
| CVE-1999-0320 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 9.3 HIGH | N/A |
|
SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.
|
|||||
| CVE-2004-1117 | 1 Gentoo | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
|
|||||
| CVE-2006-0735 | 2 Fuzzymonkey, M Blom | 2 My Blog, Html-bbcode | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
|
|||||
| CVE-1999-0065 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.
|
|||||
| CVE-2006-4752 | 1 Laurentiu Matei | 1 Expandable Home Page Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter.
|
|||||
| CVE-2001-0786 | 1 Internet Software Solutions | 1 Air Messenger Lan Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 stores user passwords in plaintext in the pUser.Dat file.
|
|||||
| CVE-1999-0681 | 1 Microsoft | 2 Frontpage, Personal Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.
|
|||||
| CVE-2005-1871 | 1 Drupal | 1 Drupal | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."
|
|||||
| CVE-2005-3209 | 1 Aenovo | 3 Aenovo, Aenovoshop, Aenovowysi | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges.
|
|||||
| CVE-2002-1451 | 1 Desiderata Software | 1 Blazix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.
|
|||||
| CVE-2000-0455 | 1 David Bagley | 1 Xlock | 2025-04-03 | 2.1 LOW | N/A |
|
Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option.
|
|||||
| CVE-2002-1937 | 1 Symantec | 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password.
|
|||||
| CVE-1999-0808 | 1 Isc | 1 Dhcp Client | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options.
|
|||||
| CVE-2006-4886 | 1 Mcafee | 2 Scan Engine, Virusscan Enterprise | 2025-04-03 | 3.7 LOW | N/A |
|
The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.
|
|||||
| CVE-2000-0383 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient.
|
|||||
| CVE-2006-4264 | 1 Mambo | 1 Mtg Myhomepage Component | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. NOTE: this issue has been disputed by a third party, who states that the $mosConfig_absolute_path variable is only used within a function definition. CVE source code analysis on 20060824 is not conclusive but tends to c ...
Show More |
|||||
| CVE-2006-3798 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the global namespace."
|
|||||
| CVE-2001-1128 | 1 Progress | 1 Progress | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.
|
|||||
| CVE-2006-2740 | 1 Epic Designs | 1 Tinybb | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) q parameter in (a) forgot.php, and the (2) username and (3) password parameters in (b) login.php, and other unspecified vectors.
|
|||||
| CVE-1999-1572 | 5 Debian, Freebsd, Mandrakesoft and 2 more | 6 Debian Linux, Freebsd, Mandrake Linux and 3 more | 2025-04-03 | 2.1 LOW | N/A |
|
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
|
|||||
| CVE-1999-0779 | 1 Hp | 1 Hp-ux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in HP-UX SharedX recserv program.
|
|||||
| CVE-2005-0705 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enabled. allows remote attackers to cause a denial of service (application crash).
|
|||||
| CVE-2005-2510 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator.
|
|||||
| CVE-2002-0274 | 1 University Of Cambridge | 1 Exim | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments.
|
|||||
| CVE-2005-1327 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter.
|
|||||
| CVE-2002-1368 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2025-04-03 | 7.5 HIGH | N/A |
|
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.
|
|||||
| CVE-2005-1531 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 7.5 HIGH | N/A |
|
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
|
|||||
| CVE-2001-0009 | 1 Lotus | 1 Domino Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
|
|||||