Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0095 | 1 Eric Allman | 1 Sendmail | 2025-04-03 | 10.0 HIGH | N/A |
|
The debug command in Sendmail is enabled, allowing attackers to execute commands as root.
|
|||||
| CVE-2006-3548 | 1 Horde | 1 Horde | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
|
|||||
| CVE-2005-0378 | 1 Horde | 1 Horde | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.
|
|||||
| CVE-2004-0552 | 1 Sophos | 1 Small Business Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.
|
|||||
| CVE-2003-0973 | 1 Apache | 1 Mod Python | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
|
|||||
| CVE-2006-0661 | 1 Scriptme | 2 Sme Blog Host, Sme Gb Host | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag.
|
|||||
| CVE-2005-3664 | 2 F-secure, Kaspersky Lab | 3 F-secure Anti-virus, Kaspersky Anti-virus, Kaspersky Anti-virus Personal | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file.
|
|||||
| CVE-2004-0561 | 1 University Of Minnesota | 1 Gopherd | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
|
|||||
| CVE-2006-0128 | 1 Rockliffe | 1 Mailsite | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors.
|
|||||
| CVE-2006-1910 | 1 S9y | 1 Serendipity | 2025-04-03 | 7.5 HIGH | N/A |
|
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2005-0232 | 1 Mozilla | 1 Firefox | 2025-04-03 | 2.6 LOW | N/A |
|
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."
|
|||||
| CVE-2006-1005 | 1 Cactusoft | 1 Parodia | 2025-04-03 | 6.4 MEDIUM | N/A |
|
agencyprofile.asp in Parodia 6.2 and earlier might allow remote attackers to obtain sensitive information by triggering an SQL error via an invalid AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2005-2373 | 1 Whitsoft Development | 1 Slimftpd | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands.
|
|||||
| CVE-2006-2211 | 1 321soft | 1 Php-gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter.
|
|||||
| CVE-1999-0597 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire.
|
|||||
| CVE-2005-3287 | 1 Rockliffe | 1 Mailsite Express | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory.
|
|||||
| CVE-2001-1256 | 1 Hp | 1 Hp-ux | 2025-04-03 | 1.2 LOW | N/A |
|
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
|
|||||
| CVE-2002-0745 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in uucp in AIX 4.3.3.
|
|||||
| CVE-1999-0473 | 1 Andrew Tridgell | 1 Rsync | 2025-04-03 | 2.1 LOW | N/A |
|
The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.
|
|||||
| CVE-2002-0410 | 1 Aeromail | 1 Aeromail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
send_message.php in AeroMail before 1.45 allows remote attackers to read arbitrary files on the server, instead of just uploaded files, via an attachment that modifies the filename to be uploaded.
|
|||||
| CVE-2002-0922 | 1 Cgiscript.net | 1 Csnews | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb.
|
|||||
| CVE-2005-2008 | 1 Yaws | 1 Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null).
|
|||||
| CVE-2002-2159 | 1 Linksys | 3 Befsr11, Befsr41, Befsru31 | 2025-04-03 | 10.0 HIGH | N/A |
|
Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to gain access.
|
|||||
| CVE-2002-1634 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl.
|
|||||
| CVE-2005-2111 | 1 Community Link Pro Web Editor | 1 Community Link Pro Web Editor | 2025-04-03 | 7.5 HIGH | N/A |
|
login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter.
|
|||||
| CVE-2005-3482 | 1 Cisco | 3 Aironet Ap1131, Aironet Ap1200, Aironet Ap1240 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host.
|
|||||
| CVE-2005-3329 | 1 Rsa | 1 Authentication Agent For Web | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation.
|
|||||
| CVE-2005-2395 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.
|
|||||
| CVE-2006-1842 | 1 Cynical Games | 1 Shoutbook | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters.
|
|||||
| CVE-1999-0470 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.
|
|||||
| CVE-2006-0835 | 1 Mitridat | 1 Web Calendar Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter.
|
|||||
| CVE-2005-0612 | 1 Cisco | 7 Ipvc-3510-mcu, Ipvc-3520-gw-2b, Ipvc-3520-gw-2b2v and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain hard-coded default SNMP community strings, which allows remote attackers to gain access, cause a denial of service, and modify configuration.
|
|||||
| CVE-2005-2648 | 1 W-agora | 1 W-agora | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter.
|
|||||
| CVE-2006-2518 | 1 Phpwcms | 1 Phpwcms | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.
|
|||||
| CVE-2002-2081 | 1 Microsoft | 2 Site Server, Site Server Commerce | 2025-04-03 | 5.0 MEDIUM | N/A |
|
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.
|
|||||
| CVE-2006-4373 | 1 Derek Leung | 1 Pslash | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter.
|
|||||
| CVE-2000-0627 | 1 Blackboard | 1 Courseinfo | 2025-04-03 | 7.5 HIGH | N/A |
|
BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.
|
|||||
| CVE-2006-3067 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2) large number of values in an IN clause, possibly related to a buffer overflow.
|
|||||
| CVE-2006-4862 | 1 Easypagecms | 1 Easypagecms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.aspx in easypage allows remote attackers to execute arbitrary SQL commands via the srch parameter in the Search page.
|
|||||
| CVE-2005-4638 | 1 Kayako | 1 Supportsuite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path via (1) _a and (2) newsid parameters in the news module, (3) downloaditemid parameter in the downloads module, and (4) kbarticleid parameter in the knowledgebase module.
|
|||||