Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-1934 | 1 Isesam | 1 Gemitel | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter. |
| CVE-2005-2393 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php. |
| CVE-2001-0290 | 1 Gnu | 1 Mailman | 2025-04-03 | 4.6 MEDIUM | N/A | Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords. |
| CVE-2006-2982 | 1 Enterprise Payroll Systems | 1 Enterprise Payroll Systems | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php. |
| CVE-2004-1733 | 1 Mydms | 1 Mydms | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL. |
| CVE-2002-2402 | 1 Surecom | 1 Ep-4501 | 2025-04-03 | 10.0 HIGH | N/A | SURECOM broadband router EP-4501 uses a default SNMP read community string of "public" and a default SNMP read/write community string of "secret," which allows remote attackers to read and modify router configuration information. |
| CVE-2005-2579 | 1 Nortel | 1 Contivity | 2025-04-03 | 7.2 HIGH | N/A | Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box. |
| CVE-2001-0752 | 1 Cisco | 1 Cbos | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set. |
| CVE-2002-1497 | 1 Nulllogic | 1 Null Httpd | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response. |
| CVE-2004-0115 | 1 Microsoft | 1 Virtual Pc | 2025-04-03 | 4.6 MEDIUM | N/A | VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file. |
| CVE-2005-1072 | 1 Punbb | 1 Punbb | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2000-0106 | 1 Easycart | 1 Easycart | 2025-04-03 | 7.5 HIGH | N/A | The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2006-1132 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in show.php in vbzoom 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729. |
| CVE-2002-0721 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 10.0 HIGH | N/A | Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt. |
| CVE-2005-3937 | 1 Softbiz | 1 B2b Trading Marketplace Script | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php. |
| CVE-2004-0535 | 6 Conectiva, Engardelinux, Gentoo and 3 more | 17 Linux, Secure Community, Secure Linux and 14 more | 2025-04-03 | 2.1 LOW | N/A | The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. |
| CVE-2000-1202 | 1 Ibm | 1 Http Server Ssl Module Common | 2025-04-03 | 7.2 HIGH | N/A | ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class. |
| CVE-2005-3948 | 1 Phpalbum.net | 1 Phpalbum | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters. |
| CVE-2006-0419 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 6.4 MEDIUM | N/A | BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections. |
| CVE-2005-1735 | 1 Electricmonk | 1 Proms | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0.11 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2006-4052 | 1 Turnkey Web Tools | 1 Php Simple Shop | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php. |
| CVE-2006-1863 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864. |
| CVE-2006-1929 | 1 I-rater | 1 I-rater Platinum | 2025-04-03 | 5.0 MEDIUM | N/A | PHP remote file inclusion vulnerability in include/common.php in I-Rater Platinum allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. |
| CVE-2005-0953 | 1 Bzip | 1 Bzip2 | 2025-04-03 | 3.7 LOW | N/A | Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. |
| CVE-2005-2658 | 1 Softwolves Software | 1 Turquoise Superstat | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month. |
| CVE-2006-3784 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | 7.2 HIGH | N/A | Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator. |
| CVE-2001-0591 | 1 Oracle | 2 Application Server, Jsp | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. |
| CVE-2006-3618 | 1 Pixelated By Lev | 1 Pixelated By Lev Guestbook | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) website, (4) comments, (5) rate, and (6) private parameters. |
| CVE-1999-0603 | | | 2025-04-03 | 10.0 HIGH | N/A | In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc. |
| CVE-2002-0172 | 1 Sgi | 1 Irix | 2025-04-03 | 2.1 LOW | N/A | /dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption). |
| CVE-2005-3141 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 5.0 MEDIUM | N/A | Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ. |
| CVE-2005-2547 | 1 Bluez Project | 1 Bluez | 2025-04-03 | 7.5 HIGH | N/A | security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper. |
| CVE-2005-2268 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | N/A | Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." |
| CVE-2000-0504 | 3 Gnome, Open Group, Xfree86 Project | 3 Gdm, X, X11r6 | 2025-04-03 | 5.0 MEDIUM | N/A | libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. |
| CVE-2002-1607 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code. |
| CVE-2005-0162 | 2 Openswan, Xelerance | 2 Openswan, Openswan | 2025-04-03 | 7.2 HIGH | N/A | Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code. |
| CVE-2003-0614 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter. |
| CVE-2002-0333 | 1 Xtell | 1 Xtell | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument. |
| CVE-2000-0520 | 1 Stelian | 1 Pop Dump | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name. |
| CVE-2002-0816 | 1 Compaq | 1 Tru64 | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument. |