Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-0411 | 1 Claroline | 1 Claroline | 2025-04-03 | 10.0 HIGH | N/A | claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges. |
| CVE-2004-0907 | 1 Mozilla | 2 Mozilla, Thunderbird | 2025-04-03 | 4.6 MEDIUM | N/A | The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code. |
| CVE-2005-2809 | 1 Silc | 1 Secure Internet Live Conferencing | 2025-04-03 | 2.1 LOW | N/A | silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file. |
| CVE-2004-2118 | 1 Tinyserver | 1 Tinyserver | 2025-04-03 | 5.0 MEDIUM | N/A | Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via a GET request with a long filename, possibly due to a buffer overflow. |
| CVE-2005-2490 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A | Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users to execute arbitrary code by calling sendmsg and modifying the message contents in another thread. |
| CVE-2006-1704 | 1 Hubert Plisson | 1 Sire | 2025-04-03 | 5.0 MEDIUM | N/A | Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php. |
| CVE-2005-0447 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A | Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets. |
| CVE-2006-2365 | 1 Vizra | 1 Vizra | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| CVE-2000-0674 | 1 Virtual Vision | 1 Ftp Browser | 2025-04-03 | 5.0 MEDIUM | N/A | ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack. |
| CVE-2005-2581 | 1 Grandstream | 2 Budgetone 101, Budgetone 102 | 2025-04-03 | 5.0 MEDIUM | N/A | Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060. |
| CVE-2000-0584 | 2 Debian, Freebsd | 2 Debian Linux, Freebsd | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name. |
| CVE-2006-4790 | 1 Gnu | 1 Gnutls | 2025-04-03 | 5.0 MEDIUM | N/A | verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. |
| CVE-2001-0931 | 1 Cooolsoft | 1 Powerftp | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET. |
| CVE-2004-1397 | 1 Usemod | 1 Usemodwiki | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl. |
| CVE-2004-2493 | 1 Hitachi | 2 Groupmax World Wide Web, Groupmax World Wide Web Desktop | 2025-04-03 | 4.0 MEDIUM | N/A | Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter. |
| CVE-2001-0287 | 1 Symantec Veritas | 1 Cluster Server | 2025-04-03 | 2.1 LOW | N/A | VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command. |
| CVE-2004-2157 | 1 S9y | 1 Serendipity | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field. |
| CVE-2004-1790 | 1 Edimax | 1 Full Rate Adsl Router | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL. |
| CVE-2005-4749 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A | HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors. |
| CVE-2004-2161 | 1 Tutos | 1 Tutos | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arbitrary SQL commands via the link_id parameter. |
| CVE-2005-0721 | 1 Gamearena | 1 Experience2 | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in modules.php in eXPerience2 allows remote attackers to execute arbitrary PHP code by modifying the file parameter to reference a URL on a remote web server that contains the code. |
| CVE-2005-0495 | 1 Zeroboard | 1 Zeroboard | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php. |
| CVE-2005-2028 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. |
| CVE-2004-2188 | 1 Dmxready | 1 Dmxready Site Chassis Manager | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2006-2228 | 1 W-agora | 1 W-agora | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events. |
| CVE-2006-2889 | 1 Pixelpost | 1 Pixelpost | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter. |
| CVE-2002-1825 | 1 Wasd | 1 Wasd Http Server | 2025-04-03 | 6.4 MEDIUM | N/A | Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable. |
| CVE-2004-1757 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.6 MEDIUM | N/A | BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. |
| CVE-2003-0768 | 1 Microsoft | 1 Asp.net | 2025-04-03 | 6.8 MEDIUM | N/A | Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name. |
| CVE-2006-1766 | 1 Papoo | 1 Papoo | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) getlang and (2) reporeid parameter in (a) index.php, (3) menuid parameter in (b) plugin.php and (c) forumthread.php, and (4) msgid parameter in forumthread.php. |
| CVE-2004-1578 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header. |
| CVE-2006-0819 | 1 Gnome | 1 Dwarf Http Server | 2025-04-03 | 7.8 HIGH | N/A | Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request. |
| CVE-2005-0701 | 1 Oracle | 1 Database Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. |
| CVE-2004-1095 | 2 Debian, Zgv | 3 Debian Linux, Xzgv Image Viewer, Zgv Image Viewer | 2025-04-03 | 10.0 HIGH | N/A | Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c, (7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calculations to be overflowed and small buffers to be allocated, leading to buffer overflows. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same ... |
| CVE-2005-4044 | 1 Mr. Cgi Guy | 1 Amazon Search Directory | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly the search parameter. |
| CVE-2001-0397 | 1 Silent Runner | 1 Silent Runner Collector Src | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command. |
| CVE-2000-0108 | 1 Intelligent Vending Systems | 1 Intellivend | 2025-04-03 | 7.5 HIGH | N/A | The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2005-1807 | 1 Phpmailer | 1 Phpmailer | 2025-04-03 | 5.0 MEDIUM | N/A | The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field. |
| CVE-1999-0857 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A | FreeBSD gdc program allows local users to modify files via a symlink attack. |
| CVE-2001-0046 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A | The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities. |