Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-1513 | 1 3com | 1 Superstack Ii Hub | 2025-04-03 | 7.5 HIGH | N/A | Management information base (MIB) for a 3Com SuperStack II hub running software version 2.10 contains an object identifier (.1.3.6.1.4.1.43.10.4.2) that is accessible by a read-only community string, but lists the entire table of community strings, which could allow attackers to conduct unauthorized activities. |
| CVE-2005-4552 | 1 Sun | 1 Solaris Pc Netlink | 2025-04-03 | 7.2 HIGH | N/A | The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges. |
| CVE-2001-0570 | 1 Minicom | 1 Minicom | 2025-04-03 | 7.2 HIGH | N/A | minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks. |
| CVE-2001-1332 | 1 Easy Software Products | 1 Cups | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code. |
| CVE-2003-0215 | 1 Battleaxe Software | 1 Bttlxeforum | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields. |
| CVE-1999-1345 | 1 Auto Ftp | 1 Auto Ftp | 2025-04-03 | 4.6 MEDIUM | N/A | Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing them in the directory, and (2) view files that are being transferred. |
| CVE-2002-1996 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php. |
| CVE-2000-0897 | 1 Max Feoktistov | 1 Small Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed. |
| CVE-2006-2840 | 1 Pmwiki | 1 Pmwiki | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| CVE-2006-2237 | 1 Awstats | 1 Awstats | 2025-04-03 | 5.1 MEDIUM | N/A | The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. |
| CVE-2003-1307 | 1 Apache | 1 Http Server | 2025-04-03 | 4.3 MEDIUM | N/A | The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP." |
| CVE-1999-0516 | | | 2025-04-03 | 7.5 HIGH | N/A | An SNMP community name is guessable. |
| CVE-2006-3696 | 1 Agnitum | 1 Outpost Firewall | 2025-04-03 | 2.1 LOW | N/A | filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows local users to cause a denial of service (crash) via long arguments to mshta.exe. |
| CVE-2006-0462 | 1 Andonet | 1 Andonet Blog | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter. |
| CVE-2005-1221 | 1 Ecommerce-carts | 1 Ecommpro | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro 3.0 allows remote attackers to execute arbitrary SQL commands via the password field. |
| CVE-2004-2201 | 1 Duware | 1 Duforum | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the (1) FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form. |
| CVE-2002-1429 | 1 Endity.com | 1 Shoutbox | 2025-04-03 | 5.0 MEDIUM | N/A | Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter. |
| CVE-2003-0455 | 1 Imagemagick | 1 Libmagick Library | 2025-04-03 | 4.6 MEDIUM | N/A | The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files. |
| CVE-2005-4457 | 1 Mailenable | 1 Mailenable Enterprise | 2025-04-03 | 7.5 HIGH | N/A | MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command. |
| CVE-2006-2320 | 1 Ideal Science | 1 Idealbb | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2209. |
| CVE-2005-0017 | 1 F2c Open Source Project | 1 F2c Translator | 2025-04-03 | 2.1 LOW | N/A | The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. |
| CVE-2000-0986 | 1 Oracle | 1 Oracle8i | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allows local users to gain privileges via a long ORACLE_HOME environmental variable. |
| CVE-2004-1263 | 1 Changepassword | 1 Changepassword | 2025-04-03 | 7.2 HIGH | N/A | changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program. |
| CVE-2002-2169 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A | Cross-site scripting vulnerability in AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL. |
| CVE-2006-3791 | 1 Ufo2000 | 1 Ufo2000 | 2025-04-03 | 5.0 MEDIUM | N/A | The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a large keysize or valsize, which causes a crash when the resize function cannot allocate sufficient memory. |
| CVE-2004-2171 | 1 Cherokee | 1 Cherokee Httpd | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page. |
| CVE-2002-0046 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A | Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet. |
| CVE-2006-2581 | 1 Rwiki | 1 Rwiki | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| CVE-2001-0987 | 1 Nathan Neulinger | 1 Cgiwrap | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap. |
| CVE-2004-0466 | 1 Openconnect | 1 Webconnect | 2025-04-03 | 5.0 MEDIUM | N/A | WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service (hang) via a URL containing an MS-DOS device name such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1. |
| CVE-2004-2627 | 1 Sun | 1 J2me | 2025-04-03 | 10.0 HIGH | N/A | Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code. |
| CVE-2004-1376 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. |
| CVE-2006-0881 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php. |
| CVE-2006-3046 | 1 Subtext | 1 Subtext | 2025-04-03 | 6.5 MEDIUM | N/A | Unspecified vulnerability in the admin login feature in Subtext 1.5, in a multiblog setup, allows remote administrators of one blog to login to another blog. |
| CVE-2005-2240 | 1 Xpvm | 1 Xpvm | 2025-04-03 | 2.1 LOW | N/A | xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file. |
| CVE-2005-2565 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2025-04-03 | 5.0 MEDIUM | N/A | Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8) /forms/announcements.php, (9) forms/banform.php, or (10) other pages in the /forms directory, which reveal the path in an error message. |
| CVE-2006-3951 | 1 Mam-moodle Alpha Component | 1 Mam-moodle Alpha Component | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in moodle.php in Mam-moodle alpha component (com_moodle) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| CVE-2004-0634 | 4 Ethereal Group, Gentoo, Mandrakesoft and 1 more | 5 Ethereal, Linux, Mandrake Linux and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A | The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference. |
| CVE-2002-1182 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A | IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. |
| CVE-2005-2783 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags. |