Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0690 | 2 Cde, Hp | 2 Cde, Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
HP CDE program includes the current directory in root's PATH variable.
|
|||||
| CVE-2004-1849 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html.
|
|||||
| CVE-1999-0176 | 1 Webgais Development Team | 1 Webgais | 2025-04-03 | 7.5 HIGH | N/A |
|
The Webgais program allows a remote user to execute arbitrary commands.
|
|||||
| CVE-2005-4023 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors.
|
|||||
| CVE-2003-0647 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request.
|
|||||
| CVE-2001-0235 | 1 Debian | 1 Debian Linux | 2025-04-03 | 2.1 LOW | N/A |
|
Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.
|
|||||
| CVE-2006-4430 | 1 Cisco | 2 Network Admission Control, Network Admission Control Manager And Server System Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms.
|
|||||
| CVE-2002-1890 | 1 Redhat | 1 Rhmask | 2025-04-03 | 2.1 LOW | N/A |
|
rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file.
|
|||||
| CVE-2006-0370 | 1 Noah Medling | 1 Rcblog | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes.
|
|||||
| CVE-2005-1774 | 1 Davfs2 | 1 Davfs2 | 2025-04-03 | 2.1 LOW | N/A |
|
WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Unix permissions, which allows local users to write arbitrary files on a davfs2 mounted filesystem.
|
|||||
| CVE-2002-1394 | 1 Apache | 1 Tomcat | 2025-04-03 | 7.5 HIGH | N/A |
|
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
|
|||||
| CVE-2005-1726 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions."
|
|||||
| CVE-2004-0964 | 2 Debian, Zinf | 2 Debian Linux, Zinf | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
|
|||||
| CVE-2006-0158 | 1 Cyberdoc | 1 Sitesuite Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2004-1220 | 1 Digital Illusions | 2 Battlefield 1942, Battlefield Vietnam | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and earlier, allows a remote master server to cause a denial of service (client crash) via a server reply that contains a large numplayers value, which triggers a null dereference.
|
|||||
| CVE-2003-0020 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
|
|||||
| CVE-2005-0423 | 1 Aspjar | 1 Aspjar Guestbook | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field.
|
|||||
| CVE-2006-0607 | 1 Hinton Design | 1 Phphd | 2025-04-03 | 7.5 HIGH | N/A |
|
check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication.
|
|||||
| CVE-2002-0741 | 1 Psychoid | 1 Psybnc | 2025-04-03 | 5.0 MEDIUM | N/A |
|
psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.
|
|||||
| CVE-2006-1944 | 1 Sibsoft | 1 Communimail | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi.
|
|||||
| CVE-2002-0629 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server.
|
|||||
| CVE-2005-3081 | 1 Wzdftpd | 1 Wzdftpd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command.
|
|||||
| CVE-2004-1140 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang) and possibly fill available disk space via an invalid RTP timestamp.
|
|||||
| CVE-2004-2245 | 1 Goollery | 1 Goollery | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php.
|
|||||
| CVE-2003-0941 | 1 Sap | 1 Sap Db | 2025-04-03 | 7.5 HIGH | N/A |
|
web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa.
|
|||||
| CVE-2004-0075 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
|
|||||
| CVE-2006-3984 | 2 Gianluca Baldo, Phpadsnew | 2 Phpauction, Phpadsnew | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter.
|
|||||
| CVE-1999-1098 | 1 Bsd | 1 Bsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing.
|
|||||
| CVE-2001-1021 | 1 Progress | 1 Ws Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
|
|||||
| CVE-1999-0398 | 1 Ssh | 2 Ssh, Ssh2 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login.
|
|||||
| CVE-2005-4039 | 1 Web4future | 1 Portal Solutions | 2025-04-03 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter.
|
|||||
| CVE-2002-0654 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
|
|||||
| CVE-2005-4222 | 1 Lars Ellingsen | 1 Guestserver | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi in Lars Ellingsen Guestserver 4.13 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified message fields.
|
|||||
| CVE-2005-0777 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile.
|
|||||
| CVE-2004-2053 | 1 Easyins | 1 Easyins | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attackers to execute arbitrary PHP code via the site parameter.
|
|||||
| CVE-2004-2115 | 1 Oracle | 1 Http Server | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
|
|||||
| CVE-2001-1367 | 1 Phpslice | 1 Phpslice | 2025-04-03 | 10.0 HIGH | N/A |
|
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.
|
|||||
| CVE-2004-2270 | 1 Ibm | 1 Parallel Environment | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code.
|
|||||
| CVE-2005-4592 | 1 Bogofilter | 1 Email Filter | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via words that are longer than the input buffer used by flex.
|
|||||
| CVE-2005-3503 | 1 Pwdutils | 1 Pwdutils | 2025-04-03 | 7.2 HIGH | N/A |
|
chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges.
|
|||||