Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-4492 | 1 Cybozu | 1 Cybozu Office | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors. |
| CVE-2002-1078 | 1 Aprelium Technologies | 1 Abyss Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Abyss Web Server 1.0.3 allows remote attackers to list directory contents via an HTTP GET request that ends in a large number of / (slash) characters. |
| CVE-2005-1239 | 1 Raz-lee | 1 Security\+\+\+ | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. |
| CVE-2005-1742 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | 5.0 MEDIUM | N/A | BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allow users with the Monitor security role to "shrink or reset JDBC connection pools." |
| CVE-2004-1740 | 1 Music Daemon | 1 Music Daemon | 2025-04-03 | 5.0 MEDIUM | N/A | Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST. |
| CVE-2006-0428 | 1 Oracle | 1 Weblogic Portal | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs. |
| CVE-2002-1680 | 1 Cows | 1 Cgi Online Worldweb Shopping | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shopping 1.1 (a.k.a. COWS) allows remote attackers to execute arbitrary script as other users by injecting script into (1) diagnose.cgi or (2) compatible.cgi. |
| CVE-2006-1928 | 1 Cisco | 1 Ios Xr | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531. |
| CVE-2001-1421 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A | AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag. |
| CVE-2005-0811 | 1 Notify Technology | 1 Notifylink | 2025-04-03 | 4.6 MEDIUM | N/A | The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs. |
| CVE-2006-4725 | 1 Adobe | 1 Coldfusion | 2025-04-03 | 4.6 MEDIUM | N/A | Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox. |
| CVE-2004-0072 | 1 Accipiter | 1 Accipiter Direct Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. (backslash .., "%5c%2e%2e") sequences in an HTTP request. |
| CVE-2000-0976 | 1 Xfree86 Project | 1 Xlib | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter. |
| CVE-2004-2556 | 1 Netgear | 1 Wg602 | 2025-04-03 | 5.0 MEDIUM | N/A | NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. |
| CVE-2002-1903 | 1 University Of Washington | 1 Pine | 2025-04-03 | 5.0 MEDIUM | N/A | Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. |
| CVE-2000-1200 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users. |
| CVE-2000-0990 | 1 Krzysztof Dabrowski | 1 Cmd5checkpw | 2025-04-03 | 7.5 HIGH | N/A | cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username. |
| CVE-1999-0903 | 1 Ibm | 1 Aix | 2025-04-03 | 7.5 HIGH | N/A | genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767. |
| CVE-2005-1633 | 1 Jgs-xa | 1 Jgs-portal | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.php, (3) year parameter to jgs_portal_beitraggraf.php, (4) tag parameter to jgs_portal_viewsgraf.php, (5) year parameter to jgs_portal_themengraf.php, (6) year parameter to jgs_portal_mitgraf.php, (7) id parameter to jgs_portal_sponsor.php, or (8) the Accept-Langua ... |
| CVE-2005-3920 | 1 Babe Logger | 1 Babe Logger | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php. |
| CVE-2002-1847 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability. |
| CVE-2002-1999 | 1 Hp | 1 Praesidium Webproxy | 2025-04-03 | 5.0 MEDIUM | N/A | HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow remote attackers to cause Webproxy to forward requests to the internal network via crafted HTTP requests. |
| CVE-2005-2944 | 1 Brent Ely | 1 Gnome Workstation Command Center | 2025-04-03 | 4.6 MEDIUM | N/A | The perform_file_save function in GNOME Workstation Command Center (gwcc) 0.9.6 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the gwcc_out.txt temporary file. |
| CVE-2006-2520 | 1 Bitberry Software | 1 Bitzipper | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (4) GZ (.gz), or (5) JAR (.jar) archive. |
| CVE-2001-1050 | 1 Cccsoftware | 1 Ccc | 2025-04-03 | 7.5 HIGH | N/A | CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
| CVE-2005-1464 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, (4) EIGRP, (5) DLSw, (6) MEGACO, (7) LMP, and (8) RSVP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (infinite loop). |
| CVE-2006-2273 | 1 Verisign | 1 I-nav | 2025-04-03 | 9.3 HIGH | N/A | The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file. |
| CVE-2005-2885 | 1 Maxdev | 1 Md-pro | 2025-04-03 | 7.5 HIGH | N/A | The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files. |
| CVE-2002-0448 | 1 Xerver | 1 Xerver | 2025-04-03 | 5.0 MEDIUM | N/A | Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences. |
| CVE-2003-1270 | 1 An | 1 An-http | 2025-04-03 | 5.0 MEDIUM | N/A | AN HTTP 1.41e allows remote attackers to cause a denial of service (broken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability. |
| CVE-1999-0356 | | | 2025-04-03 | 10.0 HIGH | N/A | ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book. |
| CVE-2005-4365 | 1 Flip | 1 Flip | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php. |
| CVE-2000-0467 | 1 Sam Lantinga | 1 Splitvt | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function. |
| CVE-2006-2972 | 1 Arantius | 1 Vice Stats | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in vs_resource.php in Arantius Vice Stats 0.5b and 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| CVE-2005-0433 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A | Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. |
| CVE-2004-0998 | 1 Telnetd | 2 Telnetd, Telnetd-ssl | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code. |
| CVE-2004-2360 | 1 Targem Games | 1 Battle Mages | 2025-04-03 | 5.0 MEDIUM | N/A | Targem Battle Mages 1.0 allows remote attackers to cause a denial of service (infinite loop) via a UDP packet with incomplete data, which causes the server to enter an infinite loop while waiting to read the rest of the data that is not sent. |
| CVE-2003-0058 | 2 Mit, Sun | 4 Kerberos 5, Enterprise Authentication Mechanism, Solaris and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. |
| CVE-2005-4565 | 1 Adtran | 1 Netvanta | 2025-04-03 | 10.0 HIGH | N/A | Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. |
| CVE-2005-1084 | 1 Aewebworks | 1 Aedating | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands via the event parameter. |