Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0452 | 1 Redhat | 1 Fedora Core | 2025-04-03 | 5.0 MEDIUM | N/A |
|
dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of "," (comma) characters, which results in a large amount of recursion, as demonstrated using the ProtoVer LDAP test suite.
|
|||||
| CVE-2001-0580 | 1 Hughes Technologies | 1 Dsl Vdns | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection.
|
|||||
| CVE-2006-4569 | 1 Mozilla | 1 Firefox | 2025-04-03 | 2.6 LOW | N/A |
|
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
|
|||||
| CVE-1999-1102 | 4 Apple, Bsd, Sgi and 1 more | 4 A Ux, Bsd, Irix and 1 more | 2025-04-03 | 2.1 LOW | N/A |
|
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
|
|||||
| CVE-2002-1784 | 1 Hp | 1 Tru64 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a allows remote attackers to cause a denial of service via unknown attack vectors.
|
|||||
| CVE-2006-2770 | 1 Pppblog | 1 Pppblog | 2025-04-03 | 5.4 MEDIUM | N/A |
|
Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0].
|
|||||
| CVE-2005-2331 | 1 Moosegallery | 1 Moosegallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter.
|
|||||
| CVE-2002-1176 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.
|
|||||
| CVE-1999-0992 | 1 Hp | 1 Vvos | 2025-04-03 | 10.0 HIGH | N/A |
|
HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).
|
|||||
| CVE-2002-1335 | 1 W3m | 1 W3m | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.
|
|||||
| CVE-1999-1212 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local users to gain root privileges.
|
|||||
| CVE-2001-1040 | 1 Hp | 1 Jetadmin | 2025-04-03 | 6.4 MEDIUM | N/A |
|
HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password.
|
|||||
| CVE-2005-3884 | 1 Zainu | 1 Zainu | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php.
|
|||||
| CVE-1999-0130 | 7 Bsdi, Caldera, Eric Allman and 4 more | 7 Bsd Os, Network Desktop, Sendmail and 4 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Local users can start Sendmail in daemon mode and gain root privileges.
|
|||||
| CVE-2006-0424 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.0 MEDIUM | N/A |
|
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information.
|
|||||
| CVE-2004-1357 | 1 Sun | 1 Solaris | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.
|
|||||
| CVE-2003-1256 | 1 E-theni | 1 E-theni | 2025-04-03 | 6.8 MEDIUM | N/A |
|
aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php.
|
|||||
| CVE-2000-0290 | 1 4d | 1 Webstar Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.
|
|||||
| CVE-2005-0605 | 8 Altlinux, Lesstif, Mandrakesoft and 5 more | 11 Alt Linux, Lesstif, Mandrake Linux and 8 more | 2025-04-03 | 7.5 HIGH | N/A |
|
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
|
|||||
| CVE-2005-4772 | 1 Suse | 5 Suse Linux, Suse Linux Openexchange Server, Suse Linux School Server and 2 more | 2025-04-03 | 6.4 MEDIUM | N/A |
|
liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
|
|||||
| CVE-1999-0932 | 1 Mediahouse Software | 1 Statistics Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file.
|
|||||
| CVE-2004-0850 | 1 Joerg Schilling | 1 Star Tape Archiver | 2025-04-03 | 7.2 HIGH | N/A |
|
Star before 1.5_alpha46 does not drop the effective user ID (euid) before calling external programs, which could allow local users to gain privileges by modifying the RSH environment variable to reference a malicious program.
|
|||||
| CVE-2006-1328 | 1 Skull-splitter | 1 Download Counter Wallpaper | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in count.php in Skull-Splitter PHP Downloadcounter for Wallpapers 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) count_fieldname, (2) url_fieldname, or (3) url parameter.
|
|||||
| CVE-2002-1397 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.
|
|||||
| CVE-2005-3572 | 1 Peel | 1 Peel | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allows remote attackers to execute arbitrary SQL commands via the rubid parameter.
|
|||||
| CVE-1999-0630 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
The NT Alerter and Messenger services are running.
|
|||||
| CVE-2006-3813 | 1 Redhat | 1 Enterprise Linux | 2025-04-03 | 2.1 LOW | N/A |
|
A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information.
|
|||||
| CVE-2005-3838 | 1 Isolsoft | 1 Support Center | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in search.php in IsolSoft Support Center 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) lorder, (2) Priority, (3) Status, (4) Category, (5) searchvalue, and (6) field parameter.
|
|||||
| CVE-2006-3163 | 1 Imgallery | 1 Imgallery | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters.
|
|||||
| CVE-2003-1135 | 1 Yahoo | 1 Messenger | 2025-04-03 | 2.6 LOW | N/A |
|
Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.
|
|||||
| CVE-2001-1228 | 1 Gnu | 1 Gzip | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
|
|||||
| CVE-2001-1266 | 1 Doug Neal | 1 Dnhttpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.
|
|||||
| CVE-2006-0383 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".
|
|||||
| CVE-1999-0518 | 1 Microsoft | 1 Windows 95 | 2025-04-03 | 7.5 HIGH | N/A |
|
A NETBIOS/SMB share password is guessable.
|
|||||
| CVE-2006-4993 | 1 Allmyguests Project | 1 Allmyguests | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) and (2) AllMyGuests/signin.php (aka the standalone).
|
|||||
| CVE-2002-1981 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
|
|||||
| CVE-2002-0627 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2025-04-03 | 7.5 HIGH | N/A |
|
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.
|
|||||
| CVE-2001-0665 | 1 Microsoft | 1 Ie | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."
|
|||||
| CVE-2005-2132 | 1 Sco | 1 Unixware | 2025-04-03 | 2.1 LOW | N/A |
|
RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests.
|
|||||
| CVE-2002-1839 | 1 Trend Micro | 1 Interscan Viruswall For Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message.
|
|||||