Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-0222 | 1 Cisco | 1 Router | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service in Cisco IOS web server allows attackers to reboot the router using a long URL. |
| CVE-2002-0845 | 1 Iplanet | 1 Iplanet Web Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding. |
| CVE-2005-3546 | 1 F-secure | 2 F-secure Anti-virus, Internet Gatekeeper | 2025-04-03 | 7.2 HIGH | N/A | suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege. |
| CVE-2006-3637 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A | Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." |
| CVE-2001-0820 | 1 Gaztek | 1 Ghttp | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c. |
| CVE-2005-1712 | 1 Sy9 | 1 Serendipity | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files. |
| CVE-2002-0450 | 1 Talentsoft | 1 Web+ Server | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe. |
| CVE-1999-0038 | 7 Bsdi, Data General, Debian and 4 more | 8 Bsd Os, Dg Ux, Debian Linux and 5 more | 2025-04-03 | 7.2 HIGH | 8.4 HIGH | Buffer overflow in xlock program allows local users to execute commands as root. |
| CVE-2005-4212 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable. |
| CVE-2006-2174 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter. |
| CVE-2004-0010 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A | Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. |
| CVE-2005-4162 | 1 Acme Labs | 1 Perlcal | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCal 2.99.20 allows remote attackers to inject arbitrary web script or HTML via the p0 parameter. |
| CVE-2005-1966 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A | The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter. |
| CVE-2002-0296 | 1 Tarantella | 1 Tarantella Enterprise | 2025-04-03 | 1.2 LOW | N/A | The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file. |
| CVE-2004-1345 | 1 Sun | 3 Enterprise Storage Manager, Storedge 3310 Scsi Array, Storedge 3510 Fc Array | 2025-04-03 | 7.2 HIGH | N/A | Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access. |
| CVE-2005-1672 | 1 Ubertec | 1 Help Center Live | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body when opening a trouble ticket. |
| CVE-2002-0975 | 1 Microsoft | 1 Directx Files Viewer Control | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter. |
| CVE-2006-4090 | 1 Webligo | 1 Bloghoster | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname parameter to previewcomment.php. |
| CVE-2006-2911 | 1 Hotwebscripts | 1 Cms Mundo | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2002-0680 | 3 Goahead Software, Montavista Software, Orange Software | 3 Goahead Webserver, Hard Hat Linux, Orange Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228. |
| CVE-2002-1032 | 1 Key Focus | 1 Kf Web Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed HTTP header. |
| CVE-2005-4163 | 1 Milky | 1 Captcha Php | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 allows remote attackers to read arbitrary files via the _tcf parameter. |
| CVE-2002-0896 | 1 Swatch | 1 Swatch | 2025-04-03 | 5.0 MEDIUM | N/A | The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection. |
| CVE-2006-2931 | 1 Hotwebscripts | 1 Cms Mundo | 2025-04-03 | 5.1 MEDIUM | N/A | CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files. |
| CVE-2006-2022 | 1 Ls3 | 1 Fenice | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL. |
| CVE-2002-1180 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A | A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." |
| CVE-2005-2231 | 1 High Availability Linux Project | 1 Heartbeat | 2025-04-03 | 2.1 LOW | N/A | High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2005-2290 | 1 Wps | 1 Web Portal System | 2025-04-03 | 10.0 HIGH | N/A | wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables. |
| CVE-2006-1752 | 1 Michiel Van Baak | 1 Mvblog | 2025-04-03 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment. |
| CVE-2006-3822 | 1 Geodesicsolutions | 1 Geoauctions Enterprise | 2025-04-03 | 5.1 MEDIUM | N/A | SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter. |
| CVE-2002-2202 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 3.8 LOW | N/A | Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email. |
| CVE-2002-1824 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. |
| CVE-2004-1670 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | 7.5 HIGH | N/A | Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html. |
| CVE-2003-1249 | 1 Businessobjects | 1 Webintelligence | 2025-04-03 | 7.5 HIGH | N/A | WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions. |
| CVE-2005-4351 | 4 Dragonfly, Freebsd, Linux and 1 more | 4 Dragonfly, Freebsd, Linux Kernel and 1 more | 2025-04-03 | 4.3 MEDIUM | N/A | The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. |
| CVE-2006-2304 | 1 Novell | 1 Client | 2025-04-03 | 10.0 HIGH | N/A | Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow. |
| CVE-2004-0550 | 1 Realnetworks | 1 Realplayer | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters. |
| CVE-2005-2258 | 1 Squitosoft | 1 Squito Gallery | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter. |
| CVE-1999-0483 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 2.1 LOW | N/A | OpenBSD crash using nlink value in FFS and EXT2FS filesystems. |
| CVE-2000-0332 | 1 Ultrascripts | 1 Ultraboard | 2025-04-03 | 5.0 MEDIUM | N/A | UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte. |