Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1786 | 1 Adobe | 1 Document Server | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue.
|
|||||
| CVE-2002-0974 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.
|
|||||
| CVE-1999-0991 | 1 Goodtech | 1 Telnet Server Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.
|
|||||
| CVE-2005-2630 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094.
|
|||||
| CVE-2005-3738 | 1 Mambo | 1 Mambo Site Server | 2025-04-03 | 2.6 LOW | N/A |
|
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
|
|||||
| CVE-2001-0568 | 1 Zope | 1 Zope | 2025-04-03 | 2.1 LOW | N/A |
|
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
|
|||||
| CVE-2000-0967 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
|
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
|
|||||
| CVE-2005-0288 | 1 Bottomline | 1 Webseries Payment Application | 2025-04-03 | 3.6 LOW | N/A |
|
The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.
|
|||||
| CVE-2001-0033 | 2 Kth, Netbsd | 2 Kth Kerberos, Netbsd | 2025-04-03 | 7.2 HIGH | N/A |
|
KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.
|
|||||
| CVE-1999-1101 | 1 Kab Software | 1 Lydia | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Kabsoftware Lydia utility uses weak encryption to store user passwords in the lydia.ini file, which allows local users to easily decrypt the passwords and gain privileges.
|
|||||
| CVE-2003-0009 | 1 Microsoft | 2 Windows Me, Windows Xp | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
|
|||||
| CVE-2005-4260 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.
|
|||||
| CVE-2003-0630 | 1 Atari800 | 1 Atari800 | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument.
|
|||||
| CVE-2006-3027 | 1 Enthrallweb | 1 Ephotos | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp.
|
|||||
| CVE-2002-0546 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
|
|||||
| CVE-2003-1116 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener.
|
|||||
| CVE-2001-0849 | 1 Duncan Hall | 1 Viralator | 2025-04-03 | 7.5 HIGH | N/A |
|
viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget.
|
|||||
| CVE-1999-0657 | 2025-04-03 | N/A | N/A | ||
|
WinGate is being used.
|
|||||
| CVE-2005-4241 | 1 Vcd-db | 1 Vcd-db | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter.
|
|||||
| CVE-2006-2392 | 1 Blue Dragon | 1 Php Blue Dragon | 2025-04-03 | 6.4 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter.
|
|||||
| CVE-2000-0269 | 1 Gnu | 1 Emacs | 2025-04-03 | 2.1 LOW | N/A |
|
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
|
|||||
| CVE-2005-3588 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field.
|
|||||
| CVE-1999-1276 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
|
fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.
|
|||||
| CVE-2003-0048 | 1 Putty | 1 Putty | 2025-04-03 | 4.6 MEDIUM | N/A |
|
PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
|
|||||
| CVE-2005-0479 | 1 Trackercam | 1 Trackercam | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam 5.12 and earlier allows remote attackers to read arbitrary files via ".." sequences and (1) "/" slash), (2) "\" (backslash), or (3) hex-encoded characters in the fn parameter.
|
|||||
| CVE-2000-0577 | 1 Netscape | 1 Professional Services Ftpserver | 2025-04-03 | 10.0 HIGH | N/A |
|
Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2006-4036 | 1 Zonemetrics | 1 Zonex Publishers Gold Edition | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2005-2558 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.
|
|||||
| CVE-2001-1127 | 1 Progress | 1 Progress | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
|
|||||
| CVE-2002-1803 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
|||||
| CVE-2002-2185 | 6 Debian, Mandrakesoft, Microsoft and 3 more | 11 Debian Linux, Mandrake Linux, Windows 98 and 8 more | 2025-04-03 | 4.9 MEDIUM | N/A |
|
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
|
|||||
| CVE-2004-1919 | 1 Crackalaka | 1 Crackalaka | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings.
|
|||||
| CVE-2000-1172 | 1 Rob Flynn | 1 Gaim | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to conduct a denial of service and possibly execute arbitrary commands via a long HTML tag.
|
|||||
| CVE-2005-0789 | 1 Limewire | 1 Limewire | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request.
|
|||||
| CVE-1999-0901 | 1 Linux-nis | 1 Ypserv | 2025-04-03 | 7.2 HIGH | N/A |
|
ypserv allows a local user to modify the GECOS and login shells of other users.
|
|||||
| CVE-2006-3900 | 1 Tobias Kloy | 1 Tp-book | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
|
|||||
| CVE-2006-0526 | 1 Aol | 1 Aol Client Software | 2025-04-03 | 7.2 HIGH | N/A |
|
The default configuration of the America Online (AOL) client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program.
|
|||||
| CVE-2005-2316 | 1 Dnrd | 1 Dnrd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to cause a denial of service (infinite recursion) via a DNS packet that uses message compression in the QNAME and two pointers that point to each other (circular buffer).
|
|||||
| CVE-2004-1446 | 1 Juniper | 1 Netscreen Screenos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
|
|||||
| CVE-1999-0015 | 4 Hp, Microsoft, Netbsd and 1 more | 5 Hp-ux, Windows 95, Windows Nt and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Teardrop IP denial of service.
|
|||||