Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0796 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.5 HIGH | N/A |
|
FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.
|
|||||
| CVE-2001-0053 | 3 David Madore, Netbsd, Openbsd | 3 Ftpd-bsd, Netbsd, Openbsd | 2025-04-03 | 10.0 HIGH | N/A |
|
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
|
|||||
| CVE-1999-1084 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash.
|
|||||
| CVE-2005-4243 | 1 Quickpaypro | 1 Quickpaypro | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.
|
|||||
| CVE-2001-0088 | 1 Jason Hines | 1 Phpweblog | 2025-04-03 | 7.5 HIGH | N/A |
|
common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.
|
|||||
| CVE-2000-0107 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.
|
|||||
| CVE-2001-0124 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.
|
|||||
| CVE-2000-1125 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
|
|||||
| CVE-2005-3596 | 1 Iisworks | 1 Aspknowledgebase | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ASPKnowledgebase allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password fields in adminlogin.asp.
|
|||||
| CVE-1999-0895 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 7.5 HIGH | N/A |
|
Firewall-1 does not properly restrict access to LDAP attributes.
|
|||||
| CVE-2004-2615 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.
|
|||||
| CVE-1999-0354 | 1 Microsoft | 2 Internet Explorer, Word | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message.
|
|||||
| CVE-2004-1566 | 1 Silent-storm | 1 Silent-storm Portal | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter.
|
|||||
| CVE-1999-0037 | 2 Freebsd, Redhat | 2 Freebsd, Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.
|
|||||
| CVE-1999-1129 | 1 Cisco | 2 Catalyst 2900 Vlan, Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.
|
|||||
| CVE-2003-0431 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 10.0 HIGH | N/A |
|
The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.
|
|||||
| CVE-2002-0186 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
|
|||||
| CVE-2005-2860 | 1 Nikto | 1 Nikto | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.
|
|||||
| CVE-2005-2428 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the Clnt ...
Show More |
|||||
| CVE-2003-0188 | 2 Lv, Redhat | 3 Lv, Linux, Lv | 2025-04-03 | 7.2 HIGH | N/A |
|
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.
|
|||||
| CVE-2000-1074 | 1 Netscape | 1 Iplanet Ical | 2025-04-03 | 10.0 HIGH | N/A |
|
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.
|
|||||
| CVE-2002-1079 | 1 Aprelium Technologies | 1 Abyss Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request.
|
|||||
| CVE-2005-2757 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."
|
|||||
| CVE-2001-0237 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
|
|||||
| CVE-2005-1042 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.
|
|||||
| CVE-2003-0503 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.
|
|||||
| CVE-2005-1508 | 1 Pwsphp | 1 Pwsphp | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module.
|
|||||
| CVE-2005-1171 | 1 Datenbank Module | 1 Datenbank Module | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||
| CVE-1999-1411 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.
|
|||||
| CVE-2005-3771 | 1 Joomla | 1 Joomla | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF".
|
|||||
| CVE-2003-1159 | 1 Plug And Play | 1 Plug And Play Web Server Proxy | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Plug and Play Web Server Proxy 1.0002c allows remote attackers to cause a denial of service (server crash) via an invalid URI in an HTTP GET request to TCP port 8080.
|
|||||
| CVE-1999-0844 | 1 Deerfield | 1 Mdaemon | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in MDaemon WorldClient and WebConfig services via a long URL.
|
|||||
| CVE-2002-1181 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
|
|||||
| CVE-2006-2147 | 1 Resmgr | 1 Resmgrd | 2025-04-03 | 3.6 LOW | N/A |
|
resmgrd in resmgr for SUSE Linux and other distributions does not properly handle when access to a USB device is granted by using "usb:<bus>,<dev>" notation, which grants access to all USB devices and allows local users to bypass intended restrictions. NOTE: this is a different vulnerability than CVE-2005-4788.
|
|||||
| CVE-2004-2180 | 1 Wowbb | 1 Wowbb Web Forum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.php, (4) highlight parameter to view_topic.php, (5) show parameter to index.php, (6) q parameter to search.php, (7) Referer header to admin.php, or the (8) user_email parameter to login.php.
|
|||||
| CVE-2003-1084 | 1 Tildeslash | 1 Monit | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.
|
|||||
| CVE-2002-1178 | 1 Jetty | 1 Jetty Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.
|
|||||
| CVE-2000-1106 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.
|
|||||
| CVE-2006-0690 | 1 Scheduling Management.com | 1 Time Tracking Software | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2005-1088 | 1 Dameware Development | 2 Mini Remote Control, Nt Utilities | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights.
|
|||||