Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1368 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 1.2 LOW | N/A |
|
The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow attackers to cause a denial of service (oops) via SMP.
|
|||||
| CVE-1999-1285 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.
|
|||||
| CVE-2000-0789 | 1 Bardon Data Systems | 1 Winu | 2025-04-03 | 4.6 MEDIUM | N/A |
|
WinU 5.x and earlier uses weak encryption to store its configuration password, which allows local users to decrypt the password and gain privileges.
|
|||||
| CVE-2001-0288 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
|
|||||
| CVE-2004-2471 | 1 Jamesoff | 1 Quoteengine | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the sloth TCL script in QuoteEngine before 1.2.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2006-0451 | 1 Redhat | 1 Fedora Core | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite.
|
|||||
| CVE-2006-1386 | 1 Twiki | 1 Twiki | 2025-04-03 | 7.5 HIGH | N/A |
|
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.
|
|||||
| CVE-2005-3277 | 1 Hp | 1 Hp-ux | 2025-04-03 | 10.0 HIGH | N/A |
|
The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473.
|
|||||
| CVE-2004-1903 | 1 Blaxxun | 1 Contact 3d | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute arbitrary code via a long URL property inside an object tag.
|
|||||
| CVE-2005-1525 | 1 The Cacti Group | 1 Cacti | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2006-2187 | 1 Zenphoto | 1 Zenphoto | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.
|
|||||
| CVE-2005-1229 | 1 Gnu | 1 Cpio | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.
|
|||||
| CVE-2002-0113 | 1 Emc | 1 Networker | 2025-04-03 | 4.6 MEDIUM | N/A |
|
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.
|
|||||
| CVE-1999-0951 | 1 Omnicron | 1 Omnihttpd | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands.
|
|||||
| CVE-2000-1227 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.
|
|||||
| CVE-2002-1434 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.
|
|||||
| CVE-2006-0587 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
|
|||||
| CVE-2005-3621 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.
|
|||||
| CVE-2002-1076 | 1 Ipswitch | 1 Imail | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0.
|
|||||
| CVE-2005-4055 | 1 Cars Portal | 1 Cars Portal | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Cars Portal 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) page and (2) car parameters.
|
|||||
| CVE-2006-4297 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters.
|
|||||
| CVE-2006-3987 | 1 Knusperleicht | 1 Knusperleicht Filemanager | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwl_download_path or (2) dwl_include_path parameters.
|
|||||
| CVE-2005-0428 | 1 Powerdns | 1 Powerdns | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.
|
|||||
| CVE-2004-2283 | 1 Daniel Barron | 1 Dansguardian | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache.
|
|||||
| CVE-2005-0610 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.
|
|||||
| CVE-2002-0285 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 7.5 HIGH | N/A |
|
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
|
|||||
| CVE-2005-3502 | 1 Cerberus | 1 Cerberus Helpdesk | 2025-04-03 | 5.0 MEDIUM | N/A |
|
attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter.
|
|||||
| CVE-2001-0603 | 1 Lotus | 1 Domino R5 Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148.
|
|||||
| CVE-2005-4371 | 1 Acidcat | 1 Acidcat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb.
|
|||||
| CVE-2005-4049 | 1 Netart Media | 1 Blog System | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter in index.php and (2) the note parameter in blog.php.
|
|||||
| CVE-2004-2461 | 1 Gnu | 1 Gnubiff | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.
|
|||||
| CVE-2006-4217 | 1 Webinsta | 1 Webinsta Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2005-0039 | 1 Nissc | 1 Ipsec | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interp ...
Show More |
|||||
| CVE-2004-1453 | 1 Gnu | 1 Glibc | 2025-04-03 | 2.1 LOW | N/A |
|
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
|
|||||
| CVE-2004-0630 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 10.0 HIGH | N/A |
|
The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command.
|
|||||
| CVE-2000-0093 | 1 Redhat | 1 Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.
|
|||||
| CVE-2005-2360 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11 allows remote attackers to cause a denial of service (free static memory and application crash) via unknown attack vectors.
|
|||||
| CVE-2004-2001 | 1 Sgi | 1 Irix | 2025-04-03 | 4.6 MEDIUM | N/A |
|
ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or received.
|
|||||
| CVE-2004-0592 | 1 Suse | 1 Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar flaw to CVE-2004-0626.
|
|||||
| CVE-2003-1023 | 1 Midnight Commander | 1 Midnight Commander | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.
|
|||||