Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1700 | 1 Aweb | 1 Scripts Seller | 2025-04-03 | 7.5 HIGH | N/A |
|
Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication.
|
|||||
| CVE-2006-1345 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message.
|
|||||
| CVE-2004-1942 | 1 Sun | 1 Patch Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname.
|
|||||
| CVE-2004-1508 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 7.5 HIGH | N/A |
|
init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.
|
|||||
| CVE-2001-0441 | 3 Debian, Mandrakesoft, Redhat | 4 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
|
|||||
| CVE-2001-1333 | 1 Easy Software Products | 1 Cups | 2025-04-03 | 1.2 LOW | N/A |
|
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
|
|||||
| CVE-2006-0818 | 3 Deerfield, Icewarp, Merak | 3 Visnetic Mail Server, Web Mail, Mail Server | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558.
|
|||||
| CVE-2006-0104 | 1 Ralph Capper | 1 Tinyphpforum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php.
|
|||||
| CVE-2006-4317 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript.
|
|||||
| CVE-2006-0120 | 1 Ibm | 3 Lotus Domino, Lotus Domino Enterprise Server, Lotus Notes | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the ...
Show More |
|||||
| CVE-2005-3782 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username.
|
|||||
| CVE-1999-0147 | 1 University Of Arizona | 2 Glimpse Http, Webglimpse | 2025-04-03 | 7.5 HIGH | N/A |
|
The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands.
|
|||||
| CVE-2005-4773 | 1 Vmware | 1 Esx | 2025-04-03 | 4.9 MEDIUM | N/A |
|
The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console.
|
|||||
| CVE-2002-2186 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.
|
|||||
| CVE-2000-1165 | 1 Balabit | 1 Syslog-ng | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier.
|
|||||
| CVE-2006-2578 | 1 Esyndicat | 1 Esyndicat Directory | 2025-04-03 | 5.1 MEDIUM | N/A |
|
admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter.
|
|||||
| CVE-1999-1317 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.
|
|||||
| CVE-2003-0133 | 1 Gnome | 1 Gtkhtml | 2025-04-03 | 5.0 MEDIUM | N/A |
|
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
|
|||||
| CVE-2005-2863 | 1 Open Webmail | 1 Open Webmail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.
|
|||||
| CVE-2004-1764 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
|
|||||
| CVE-2005-0099 | 1 Abuse | 1 Abuse-sdl | 2025-04-03 | 2.1 LOW | N/A |
|
The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files.
|
|||||
| CVE-2006-0095 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key.
|
|||||
| CVE-1999-0929 | 1 Novell | 2 Http Server, Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests.
|
|||||
| CVE-2000-0166 | 1 Interaccess | 1 Interaccess Telnetd Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.
|
|||||
| CVE-2006-4030 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."
|
|||||
| CVE-2005-4003 | 1 Asps | 1 Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. NOTE: the original disclosure was specifically only for an XSS issue, but the CVE description was for SQL injection. Since the original disclosure, SQL injection vectors have been repo ...
Show More |
|||||
| CVE-2005-2888 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php.
|
|||||
| CVE-2001-0738 | 2 Debian, Immunix | 2 Debian Linux, Immunix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.
|
|||||
| CVE-2005-3995 | 1 Sobexsrv | 1 Sobexsrv | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is enabled, allows remote attackers to execute arbitrary code via format string specifiers in file name arguments to OBEX commands.
|
|||||
| CVE-1999-1484 | 1 Microsoft | 1 Msn Setup Bulletin Board Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured.
|
|||||
| CVE-2006-0801 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php.
|
|||||
| CVE-2005-1943 | 1 Loki | 1 Loki Download Manager Catgory Version | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp.
|
|||||
| CVE-2004-2181 | 1 Wowbb | 1 Wowbb Web Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.
|
|||||
| CVE-2005-2301 | 1 Powerdns | 1 Powerdns | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
|
|||||
| CVE-2006-2877 | 1 Sangwan Kim | 1 Bookmark4u | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
|
|||||
| CVE-2006-2289 | 1 Avahi | 1 Avahi | 2025-04-03 | 2.1 LOW | N/A |
|
Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors.
|
|||||
| CVE-1999-0121 | 2025-04-03 | 7.2 HIGH | N/A | ||
|
Buffer overflow in dtaction command gives root access.
|
|||||
| CVE-2003-1144 | 1 Perception | 1 Liteserve | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.
|
|||||
| CVE-2006-3771 | 1 Imaginex-resource | 1 Imanage Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/ ...
Show More |
|||||
| CVE-2004-2321 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A |
|
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
|
|||||