Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-1259 | 1 Microsoft | 1 Office | 2025-04-03 | 2.1 LOW | N/A | Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information. |
| CVE-2002-1549 | 1 Light Httpd | 1 Light Httpd | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. |
| CVE-2002-0280 | 1 Codeblue | 1 Codeblue | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in CodeBlue 4 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via a long string in an SMTP reply. |
| CVE-2006-1396 | 1 Cholod | 1 Mysql Based Message Board | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL Based Message Board allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2002-2100 | 1 Microsoft | 1 Outlook | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content. |
| CVE-1999-1582 | 1 Cisco | 1 Pix Firewall | 2025-04-03 | 7.5 HIGH | N/A | By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality. |
| CVE-1999-0570 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 10.0 HIGH | N/A | Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. |
| CVE-2005-0161 | 1 E-merge | 1 Unace | 2025-04-03 | 2.1 LOW | N/A | Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames. |
| CVE-2005-3005 | 1 Helpdesk Software | 1 Hesk | 2025-04-03 | 7.5 HIGH | N/A | Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie. |
| CVE-1999-0487 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A | The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files. |
| CVE-2006-1517 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 5.0 MEDIUM | N/A | sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. |
| CVE-2003-0832 | 1 Webfs | 1 Webfs | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header. |
| CVE-2004-0621 | 1 Zaireweb Solutions | 1 Newsletter Zws | 2025-04-03 | 10.0 HIGH | N/A | admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords. |
| CVE-2001-1299 | 1 Zorbat | 1 Zorbstats | 2025-04-03 | 5.0 MEDIUM | N/A | Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
| CVE-2002-0265 | 1 Sawmill | 1 Sawmill | 2025-04-03 | 4.6 MEDIUM | N/A | Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file. |
| CVE-2006-3997 | 1 Wowroster | 1 Wowroster | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter. |
| CVE-2006-3878 | 1 Opsware | 1 Network Automation System | 2025-04-03 | 2.1 LOW | N/A | Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql. |
| CVE-2005-1601 | 1 Mro Software | 1 Maximo Self Service | 2025-04-03 | 5.0 MEDIUM | N/A | MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties. |
| CVE-1999-0671 | 1 Toxsoft | 1 Nextftp | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in ToxSoft NextFTP client through CWD command. |
| CVE-2005-4354 | 1 University Of Arizona | 1 Webglimpse | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| CVE-2005-2683 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php. |
| CVE-2000-0586 | 1 Dalnet | 1 Ircd | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to cause a denial of service or execute arbitrary commands via the SUMMON command. |
| CVE-2005-3326 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter. |
| CVE-2002-0489 | 1 Linux Directory Penguin | 1 Nslookup | 2025-04-03 | 10.0 HIGH | N/A | Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters. |
| CVE-2005-1604 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | 7.5 HIGH | N/A | PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code. |
| CVE-1999-1320 | 1 Novell | 1 Netware | 2025-04-03 | 4.6 MEDIUM | N/A | Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing. |
| CVE-2005-2725 | 1 Qnx | 1 Rtos | 2025-04-03 | 2.1 LOW | N/A | The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check permissions when the -t flag is specified, which allows local users to read arbitrary files. |
| CVE-2006-3373 | 1 Hobbit Monitor | 1 Hobbit Monitor | 2025-04-03 | 2.1 LOW | N/A | Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root. |
| CVE-2004-1003 | 1 Trend Micro | 1 Scanmail Domino | 2025-04-03 | 5.0 MEDIUM | N/A | Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file. |
| CVE-1999-1133 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A | HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users. |
| CVE-2005-0958 | 1 Yepyep | 1 Mtftpd | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command. |
| CVE-2005-2582 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2025-04-03 | 3.6 LOW | N/A | Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing. |
| CVE-2004-0564 | 2 Debian, Roaring Penguin | 2 Debian Linux, Pppoe | 2025-04-03 | 2.1 LOW | N/A | Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings. |
| CVE-2006-3161 | 1 Saphp | 1 Saphplesson | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter. |
| CVE-2000-0687 | 1 Cgi Script Center | 1 Auction Weaver | 2025-04-03 | 10.0 HIGH | N/A | Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter. |
| CVE-2004-2312 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. |
| CVE-1999-1021 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade. |
| CVE-2000-1137 | 1 Gnu | 1 Ed | 2025-04-03 | 4.6 MEDIUM | N/A | GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. |
| CVE-2002-1919 | 1 Virtual Programming | 1 Vp-asp | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields. |
| CVE-2005-4604 | 1 Jean-jacques Sarton | 1 Mtink | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable. |