Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-3572 | 1 Papoo | 1 Papoo | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter. |
| CVE-2005-3935 | 1 Socketkb | 1 Socketkb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters. |
| CVE-1999-0663 | | | 2025-04-03 | 10.0 HIGH | N/A | A system-critical program, library, or file has a checksum or other integrity measurement that indicates that it has been modified. |
| CVE-2001-0085 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands. |
| CVE-2001-0037 | 1 Keware Technologies | 1 Homeseer | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers. |
| CVE-2003-0685 | 1 Netris | 1 Netris | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response. |
| CVE-2005-0315 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2025-04-03 | 4.6 MEDIUM | N/A | The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning. |
| CVE-2003-1273 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 2.1 LOW | N/A | Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters. |
| CVE-1999-0360 | 1 Microsoft | 1 Site Server | 2025-04-03 | 7.2 HIGH | N/A | MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. |
| CVE-2005-2047 | 1 Duware | 1 Dupaypal Pro | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iPro parameter to detail.asp, (3) iSub parameter to sub.asp, (4) iCat parameter to catEdit.asp. |
| CVE-2002-1909 | 1 Click2learn | 1 Ingenium Learning Management System | 2025-04-03 | 5.0 MEDIUM | N/A | Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the hashed administrative password in a config.txt file under the htdocs directory, which allows remote attackers to obtain the administrative password. |
| CVE-2001-0472 | 1 Ibm | 1 High Availability Cluster Multiprocessing | 2025-04-03 | 5.0 MEDIUM | N/A | Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request. |
| CVE-2006-4075 | 1 Wim Fleischhauer | 1 Docpile We | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php. |
| CVE-2002-0040 | 1 Sgi | 1 Irix | 2025-04-03 | 2.1 LOW | N/A | Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges. |
| CVE-2004-1054 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout. |
| CVE-2005-0710 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 4.6 MEDIUM | N/A | MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function. |
| CVE-2006-2330 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 6.4 MEDIUM | N/A | PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata. |
| CVE-2000-0458 | 1 Imp | 1 Imp | 2025-04-03 | 2.1 LOW | N/A | The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information. |
| CVE-2006-1082 | 1 Phparcadescript | 1 Phparcadescript | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3) the submissionstatus parameter in index.php, the (4) cell_title_background_color and (5) browse_cat_name parameters in browse.php, the (6) gamefile parameter in displaygame.php, and (7) possibly other parameters in unspecified PHP scripts. |
| CVE-2006-0739 | 1 Estara | 1 Softphone | 2025-04-03 | 5.0 MEDIUM | N/A | eStara SIP softphone allows remote attackers to cause a denial of service (crash) via an INVITE request with a Content-Length field that has more than 9 digits. |
| CVE-2005-3249 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 6.4 MEDIUM | N/A | Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0.10.12 allows remote attackers to cause a denial of service or corrupt memory via unknown vectors that cause Ethereal to free an invalid pointer. |
| CVE-2006-3065 | 1 Blursoft | 1 Blur6ex | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different. |
| CVE-2006-1783 | 1 Patronet | 1 Cms | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI. |
| CVE-1999-1029 | 1 Ssh | 1 Ssh2 | 2025-04-03 | 7.5 HIGH | N/A | SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs. |
| CVE-2006-2076 | 1 Pdnsd | 1 Pdnsd | 2025-04-03 | 5.0 MEDIUM | N/A | Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite. |
| CVE-2003-1102 | 1 Hummingbird | 1 Cyberdocs | 2025-04-03 | 5.0 MEDIUM | N/A | Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code. |
| CVE-2003-1248 | 1 Positive Software | 1 H-sphere | 2025-04-03 | 7.5 HIGH | N/A | H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request. |
| CVE-2004-2005 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name. |
| CVE-2004-0911 | 1 Debian | 1 Netkit | 2025-04-03 | 5.0 MEDIUM | N/A | telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554. |
| CVE-2005-2287 | 1 Softiacom | 1 Wmailserver | 2025-04-03 | 5.0 MEDIUM | N/A | SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application crash) via a large TCP packet with a leading space, possibly triggering a buffer overflow. |
| CVE-2003-0863 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A | The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. |
| CVE-1999-1037 | 1 Coast | 1 Satan | 2025-04-03 | 7.2 HIGH | N/A | rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file. |
| CVE-2002-0928 | 1 Pirch | 1 Pirch Irc | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the Pirch 98 IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hyperlink in a channel or private message. |
| CVE-2001-1294 | 1 Avtronics | 1 Inetserv | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password. |
| CVE-2000-1069 | 1 Cgi-world | 2 Poll It, Poll It Pro | 2025-04-03 | 6.4 MEDIUM | N/A | pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters. |
| CVE-2002-1080 | 1 Aprelium Technologies | 1 Abyss Web Server | 2025-04-03 | 7.5 HIGH | N/A | The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl. |
| CVE-2001-0861 | 1 Cisco | 1 12000 Router | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies. |
| CVE-2006-0636 | 1 Eyeos Project | 1 Eyeos | 2025-04-03 | 7.5 HIGH | N/A | desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable. |
| CVE-2003-0670 | 1 Sustainable Softworks | 2 Ipnetmonitorx, Ipnetsentryx | 2025-04-03 | 2.1 LOW | N/A | Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications (1) RunTCPDump, which calls tcpdump, and (2) RunTCPFlow, which calls tcpflow. |
| CVE-2000-0750 | 3 Netbsd, Openbsd, Redhat | 3 Netbsd, Openbsd, Linux | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name. |