Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1137 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.
|
|||||
| CVE-2004-1984 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message.
|
|||||
| CVE-2006-1979 | 1 Manic Web | 1 Mwguest | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.
|
|||||
| CVE-2005-1402 | 1 Mtp-target | 1 Mtp-target | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison.
|
|||||
| CVE-2005-1675 | 1 Groove | 2 Groove Workspace, Virtual Office | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 installs the client installation directories with insecure EVERYBODY permissions, which allows local users to gain sensitive information.
|
|||||
| CVE-2005-1872 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2006-2434 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace.
|
|||||
| CVE-2005-2563 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the template.
|
|||||
| CVE-2005-3359 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A |
|
The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a denial of service (panic) via certain socket calls that produce inconsistent reference counts for loadable protocol modules.
|
|||||
| CVE-2006-1296 | 1 Beagle-project | 1 Beagle | 2025-04-03 | 7.5 HIGH | N/A |
|
Untrusted search path vulnerability in Beagle 0.2.2.1 might allow local users to gain privileges via a malicious beagle-info program in the current working directory, or possibly directories specified in the PATH.
|
|||||
| CVE-2005-0314 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields.
|
|||||
| CVE-2006-0715 | 1 Solucija | 1 Snews | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field.
|
|||||
| CVE-2006-1933 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors.
|
|||||
| CVE-2006-0691 | 1 Scheduling Management.com | 1 Time Tracking Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account.
|
|||||
| CVE-2000-0042 | 1 Csm | 1 Mail Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.
|
|||||
| CVE-2006-2120 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 2.1 LOW | N/A |
|
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
|
|||||
| CVE-2001-1275 | 1 Oracle | 1 Mysql | 2025-04-03 | 7.2 HIGH | N/A |
|
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
|
|||||
| CVE-2005-2695 | 1 Cisco | 2 Ciscoworks Management Center For Ids Sensors, Ciscoworks Monitoring Center For Security | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS).
|
|||||
| CVE-2003-0471 | 1 Alt-n | 1 Webadmin | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument.
|
|||||
| CVE-2003-0299 | 2 Mutt, Stuart Parmenter | 2 Mutt, Balsa | 2025-04-03 | 7.5 HIGH | N/A |
|
The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors.
|
|||||
| CVE-2003-0931 | 1 Sygate Technologies | 1 Enforcer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial of service (service hang) by replaying a malformed discovery packet to UDP port 39999.
|
|||||
| CVE-2000-1141 | 1 Recourse Technologies | 1 Mantrap | 2025-04-03 | 2.1 LOW | N/A |
|
Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.
|
|||||
| CVE-2002-1199 | 3 Caldera, Sco, Sun | 4 Openlinux, Openserver, Solaris and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
|
|||||
| CVE-2004-1858 | 1 Hp | 1 Web Jetadmin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character.
|
|||||
| CVE-2005-0152 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."
|
|||||
| CVE-2000-0036 | 1 Microsoft | 2 Ie, Outlook Express | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
|
|||||
| CVE-2006-3188 | 1 Sharky E-shop | 1 Sharky E-shop | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2005-0130 | 1 Berlios | 1 Konversation | 2025-04-03 | 7.5 HIGH | N/A |
|
Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.
|
|||||
| CVE-1999-1366 | 1 David Harris | 1 Pegasus Mail | 2025-04-03 | 3.6 LOW | N/A |
|
Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.
|
|||||
| CVE-2004-0901 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
|
|||||
| CVE-1999-1385 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.
|
|||||
| CVE-2004-1548 | 1 Onnuri Infotek | 1 Activepost Standard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a .. (dot dot) in the filename.
|
|||||
| CVE-2002-1617 | 1 Hp | 1 Tru64 | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to execute arbitrary code via (1) a long -contextDir argument to dtaction, (2) a long -p argument to dtprintinfo, (3) a long -customization argument to dxterm, or (4) a long DISPLAY environment variable to dtterm.
|
|||||
| CVE-2000-0576 | 1 Oracle | 1 Web Listener | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.
|
|||||
| CVE-2004-0335 | 1 Software602 | 1 602pro Lan Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/.
|
|||||
| CVE-2004-0332 | 1 Extremail | 1 Extremail | 2025-04-03 | 10.0 HIGH | N/A |
|
Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges.
|
|||||
| CVE-2006-4960 | 1 Blue Dragon | 1 Php Blue Dragon | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query.
|
|||||
| CVE-2006-2191 | 1 Gnu | 1 Mailman | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable.
|
|||||
| CVE-2002-0731 | 1 Vqsoft | 1 Vqserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.
|
|||||
| CVE-2006-0356 | 1 Ari Pikivirta | 1 Home Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command.
|
|||||