Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2155 | 1 Online-bookmarks | 1 Web Based Bookmark Application | 2025-04-03 | 7.5 HIGH | N/A |
|
Online-bookmarks before 0.4.6 allows remote attackers to bypass its authentication mechanism via a direct request to (1) config/*, (2) bookmarks.php, (3) footer.php, (4) main.php, (5) tree.php, or (6) functions.php.
|
|||||
| CVE-2002-0752 | 1 Cgiscript.net | 1 Csmailto | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file.
|
|||||
| CVE-2001-1302 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 2.1 LOW | N/A |
|
The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.
|
|||||
| CVE-2002-1405 | 3 Elinks, Links, University Of Kansas | 3 Elinks, Links, Lynx | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
|
|||||
| CVE-1999-1592 | 2 Sendmail, Sun | 2 Sendmail, Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.
|
|||||
| CVE-2000-1120 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.
|
|||||
| CVE-2000-1122 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.
|
|||||
| CVE-2005-0090 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2025-04-03 | 2.1 LOW | N/A |
|
A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).
|
|||||
| CVE-2004-2084 | 1 Jshop E-commerce | 2 Jshop Professional, Jshop Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.
|
|||||
| CVE-2004-1542 | 1 Raven Software | 1 Soldier Of Fortune | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply.
|
|||||
| CVE-2002-0631 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges.
|
|||||
| CVE-2006-4609 | 1 Phpprojekt | 1 Phpprojekt | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.p ...
|
|||||
| CVE-2005-4289 | 1 Edatcat | 1 Edatcat Shopping Cart System | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to inject arbitrary web script or HTML via the user_action parameter.
|
|||||
| CVE-2006-3115 | 1 Spiffyjr | 1 Phpraid | 2025-04-03 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter.
|
|||||
| CVE-2004-2073 | 1 Vserver | 1 Linux-vserver | 2025-04-03 | 7.2 HIGH | N/A |
|
Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the filesystem outside the virtual server via a modified chroot-again exploit using the chmod command.
|
|||||
| CVE-2004-0013 | 1 Jabber Software Foundation | 1 Jabber Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash).
|
|||||
| CVE-2005-2967 | 1 Xine | 1 Xine-lib | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.
|
|||||
| CVE-2005-4337 | 1 Blackboard | 1 Academic Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter.
|
|||||
| CVE-2006-0729 | 1 Teca Scripts | 1 Teca Diary | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters.
|
|||||
| CVE-2005-3715 | 1 Senao | 1 Si-680h Wireless Voip Phone | 2025-04-03 | 7.5 HIGH | N/A |
|
Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause a denial of service.
|
|||||
| CVE-2001-0225 | 1 Lenzo | 1 Infobot | 2025-04-03 | 10.0 HIGH | N/A |
|
fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
|
|||||
| CVE-2006-4493 | 1 Xbiff2 | 1 Xbiff2 | 2025-04-03 | 2.1 LOW | N/A |
|
xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with insecure file permissions, which allows local users to obtain sensitive information such as login credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2000-0951 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.
|
|||||
| CVE-2003-1223 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap.
|
|||||
| CVE-2003-1088 | 1 Phpoutsourcing | 1 Zorum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.
|
|||||
| CVE-2005-3815 | 1 Greywyvern | 1 Orca Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.
|
|||||
| CVE-2001-1451 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
|
|||||
| CVE-2001-0222 | 1 Webmin | 1 Webmin | 2025-04-03 | 1.2 LOW | N/A |
|
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
|
|||||
| CVE-2005-2518 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
|
|||||
| CVE-2005-2852 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.
|
|||||
| CVE-2005-2429 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office.
|
|||||
| CVE-2003-1138 | 1 Redhat | 1 Interchange | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
|
|||||
| CVE-1999-0628 | 4 Freebsd, Ibm, Linux and 1 more | 4 Freebsd, Aix, Linux Kernel and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The rwho/rwhod service is running, which exposes machine status and user information.
|
|||||
| CVE-2004-2415 | 1 Davenport | 1 Davenport | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks.
|
|||||
| CVE-2006-0877 | 1 Easy Forum | 1 Easy Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable.
|
|||||
| CVE-2004-2340 | 1 Even Balance | 1 Punkbuster Database | 2025-04-03 | 7.5 HIGH | N/A |
|
** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the "PunkBuster Screenshot Database" and not "PunkBuster" itself; (2) there is no apparent association between PunkBust ...
|
|||||
| CVE-2004-1881 | 1 Cactusoft | 1 Cactushop | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.
|
|||||
| CVE-2004-1998 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message.
|
|||||
| CVE-2006-2804 | 1 Goss | 1 Icm | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.cfm in Goss Intelligent Content Management (iCM) 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources.
|
|||||
| CVE-2004-1296 | 1 Gnu | 1 Groff | 2025-04-03 | 2.1 LOW | N/A |
|
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||