Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0435 | 1 Gnu | 1 Fileutils | 2025-04-03 | 1.2 LOW | N/A |
|
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
|
|||||
| CVE-2006-3221 | 1 Softnews Media Group | 1 Datalife Engine | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.
|
|||||
| CVE-2002-0176 | 1 Avaya | 1 Libsafe | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.
|
|||||
| CVE-1999-0788 | 1 Knox Software | 1 Arkeia | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Arkeia nlservd allows remote attackers to conduct a denial of service.
|
|||||
| CVE-2005-4191 | 1 Horde | 1 Nag Task List Manager H3 | 2025-04-03 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.
|
|||||
| CVE-2002-1225 | 1 Kth | 1 Heimdal | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.
|
|||||
| CVE-2002-0610 | 1 Hp | 1 Mpe Ix | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain privileges.
|
|||||
| CVE-2005-0829 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.
|
|||||
| CVE-2005-1579 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.
|
|||||
| CVE-2002-1283 | 1 Novell | 1 Emframe | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute.
|
|||||
| CVE-2005-3281 | 1 Nukefixes | 1 Nukefixes | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter.
|
|||||
| CVE-1999-0311 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
fpkg2swpk in HP-UX allows local users to gain root access.
|
|||||
| CVE-2006-3328 | 1 Starflow Software | 1 Hostflow | 2025-04-03 | 5.8 MEDIUM | N/A |
|
new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs.
|
|||||
| CVE-2006-3322 | 1 Spiffyjr | 1 Phpraid | 2025-04-03 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function.
|
|||||
| CVE-2002-0660 | 1 Greg Roelofs | 2 Libpng, Libpng3 | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.
|
|||||
| CVE-2004-2411 | 1 Virtual Programming | 1 Vp-asp | 2025-04-03 | 4.3 MEDIUM | N/A |
|
The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors.
|
|||||
| CVE-2000-0309 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 2.1 LOW | N/A |
|
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
|
|||||
| CVE-1999-1570 | 1 Caldera | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.
|
|||||
| CVE-2006-1757 | 1 Bill Shupp | 1 Vegadns | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
|||||
| CVE-2002-0944 | 1 Deepmetrix | 1 Livestats | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the (1) user-agent or (2) referrer, which are not filtered by the stats program.
|
|||||
| CVE-2003-0696 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion).
|
|||||
| CVE-2006-3242 | 1 Mutt | 1 Mutt | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.
|
|||||
| CVE-2004-2362 | 1 Phpx | 1 Phpx | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHPX 3.2.6 and earlier allows remote attackers to obtain the physical path of PHPX via a null or invalid value in the limit parameter, which leaks the pathname in a database error message, as demonstrated using forums.php.
|
|||||
| CVE-2002-1491 | 1 Cisco | 1 Vpn 5000 Client | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges.
|
|||||
| CVE-2001-1034 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.
|
|||||
| CVE-2001-1177 | 1 Samsung | 2 Ml-85g Gdi Printer Driver, Ml-85p Printer Driver | 2025-04-03 | 6.2 MEDIUM | N/A |
|
ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2005-4817 | 1 Tmsnc | 1 Tmsnc | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function.
|
|||||
| CVE-2005-4582 | 1 Scott Draves | 1 Electric Sheep | 2025-04-03 | 7.5 HIGH | N/A |
|
Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and display arbitrary MPEG movie files via (1) DNS spoofing, (2) a URL on the command line, or (3) a URL in the configuration file. NOTE: the same attack vectors apply to common web browsers that are able to communicate with untrusted web servers, and other problems related to DNS design issues. Therefore this may not be a specific vulnerability. How ...
|
|||||
| CVE-2004-2354 | 2 Francisco Burzi, Warpspeed | 2 Php-nuke, 4nguestbook | 2025-04-03 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.
|
|||||
| CVE-2002-1715 | 1 Ssh | 2 Ssh, Ssh2 | 2025-04-03 | 7.2 HIGH | N/A |
|
SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.
|
|||||
| CVE-2003-0449 | 1 Progress | 1 Database | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in _proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.
|
|||||
| CVE-2001-1271 | 1 Rarsoft | 1 Rar | 2025-04-03 | 2.1 LOW | N/A |
|
Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.
|
|||||
| CVE-2006-0893 | 1 Nocc | 1 Nocc | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments.
|
|||||
| CVE-2004-0946 | 2 Nfs, Redhat | 3 Nfs-utils, Enterprise Linux, Enterprise Linux Desktop | 2025-04-03 | 10.0 HIGH | N/A |
|
rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request.
|
|||||
| CVE-2004-0579 | 2 Debian, William Deich | 2 Debian Linux, Super | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root.
|
|||||
| CVE-2004-1136 | 1 Globalscape | 1 Cuteftp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands.
|
|||||
| CVE-1999-1514 | 1 Celtech Software | 1 Expressfs | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long USER command.
|
|||||
| CVE-2006-1223 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag.
|
|||||
| CVE-2005-3064 | 1 Multitheftauto | 1 Multitheftauto | 2025-04-03 | 5.0 MEDIUM | N/A |
|
MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt).
|
|||||
| CVE-1999-0203 | 1 Eric Allman | 1 Sendmail | 2025-04-03 | 10.0 HIGH | N/A |
|
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
|
|||||