Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-3043 | 1 Mall23 | 1 Mall23 | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOption_Dropdown_2 parameter. |
| CVE-2002-0852 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. |
| CVE-2003-0940 | 1 Sap | 1 Sap Db | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL. |
| CVE-2004-0929 | 2 Libtiff, Suse | 2 Libtiff, Suse Linux | 2025-04-03 | 10.0 HIGH | N/A | Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image. |
| CVE-2006-0555 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O). |
| CVE-2002-0579 | 1 Workforceroi | 1 Xpede | 2025-04-03 | 7.5 HIGH | N/A | WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password. |
| CVE-2003-1544 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 6.8 MEDIUM | N/A | Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded. |
| CVE-2002-0992 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A | Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data. |
| CVE-2006-2888 | 1 Wikiwig | 1 Wikiwig | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter. |
| CVE-2006-3116 | 1 Spiffyjr | 1 Phpraid | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) lua_output.php, (8) permissions.php, (9) profile.php, (10) raids.php, (11) register.php, (12) roster.php, and (13) view.php. |
| CVE-2001-0199 | 1 Guido Frassetto | 1 Sedum | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request. |
| CVE-1999-0910 | 1 Microsoft | 3 Commercial Internet System, Site Server, Site Server Commerce | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. |
| CVE-2003-0237 | 1 Mirabilis | 1 Icq | 2025-04-03 | 7.5 HIGH | N/A | The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack. |
| CVE-2003-0026 | 1 Isc | 1 Dhcpd | 2025-04-03 | 7.5 HIGH | N/A | Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname. |
| CVE-2005-4160 | 1 Torrential | 1 Torrential | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query string argument. |
| CVE-2006-4490 | 1 Cybozu | 2 Cybozu Office, Share 360 | 2025-04-03 | 4.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe. |
| CVE-2005-0399 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A | Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size. |
| CVE-2002-0478 | 1 Foundrynet | 1 Edgeiron | 2025-04-03 | 5.0 MEDIUM | N/A | The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings. |
| CVE-2003-0354 | 1 Redhat | 1 Linux | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job. |
| CVE-2005-3121 | 1 Eduard Bloch | 1 Module-assistant | 2025-04-03 | 2.1 LOW | N/A | A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations. |
| CVE-2002-2162 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 4.6 MEDIUM | N/A | Cerulean Studios Trillian 0.73 and earlier use weak encryption (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts. |
| CVE-1999-1455 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.5 HIGH | N/A | RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host. |
| CVE-2000-0052 | 3 Mandrakesoft, Redhat, Turbolinux | 3 Mandrake Linux, Linux, Turbolinux | 2025-04-03 | 7.2 HIGH | N/A | Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack. |
| CVE-2000-0390 | 3 Cygnus, Mit, Redhat | 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. |
| CVE-2005-0581 | 1 Broadcom | 1 License Software | 2025-04-03 | 4.6 MEDIUM | N/A | Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format. |
| CVE-1999-0056 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Sun's ping program can give root access to local users. |
| CVE-2002-0006 | 1 Xchat | 1 Xchat | 2025-04-03 | 7.5 HIGH | N/A | XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set. |
| CVE-2002-0406 | 1 Menasoft | 1 Sphereserver | 2025-04-03 | 5.0 MEDIUM | N/A | Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in. |
| CVE-2000-0217 | 2 Openbsd, Ssh | 3 Openssh, Ssh, Ssh2 | 2025-04-03 | 5.1 MEDIUM | N/A | The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. |
| CVE-2005-1350 | 1 Leif M. Wright | 1 Ad.cgi | 2025-04-03 | 5.0 MEDIUM | N/A | The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. |
| CVE-2006-2738 | 1 Open-xchange | 1 Open-xchange | 2025-04-03 | 7.5 HIGH | N/A | The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed. |
| CVE-2005-4510 | 1 Extensis | 1 Netpublish Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter. |
| CVE-2005-1630 | 1 Opentools | 1 Attachment Mod | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in Attachment Mod before 2.3.13, related to a "serious issue with realnames," has unknown impact and attack vectors. |
| CVE-2002-1997 | 1 Zonelabs | 1 Zonealarm | 2025-04-03 | 7.5 HIGH | N/A | ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering and possibly execute arbitrary code via email attachments containing a trailing dot after the file extension. |
| CVE-2002-2153 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. |
| CVE-2006-3129 | 1 Nc Linklist | 1 Nc Linklist | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters. |
| CVE-2002-2098 | 1 Axspawn | 1 Axspawn | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remote attackers to execute arbitrary code via large packets. |
| CVE-2000-0246 | 1 Microsoft | 6 Commercial Internet System, Internet Information Server, Internet Information Services and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A | IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. |
| CVE-2003-0056 | 1 Slocate | 1 Slocate | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument. |
| CVE-1999-1535 | 1 Persits | 1 Aspupload | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the HTTP request. |