Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-3331 | 1 Rogers Software Source | 1 Mgdiff Patch Viewer | 2025-04-03 | 2.1 LOW | N/A | viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2006-1438 | 1 Andy Grayndler | 1 Andys Php Knowledgebase | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4) author, and (5) keywords parameters to (b) submit_article.php; and (6) Question, (7) Name, and (8) Email parameters to (c) submit_question.php. |
| CVE-2006-3844 | 1 Pablo Software Solutions | 1 Quick N Easy Ftp Server | 2025-04-03 | 6.5 MEDIUM | N/A | Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenticated users to execute arbitrary commands via a long argument to the LIST command, a different issue than CVE-2006-2027. |
| CVE-2003-0071 | 1 Xfree86 Project | 1 X11r6 | 2025-04-03 | 2.1 LOW | N/A | The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop. |
| CVE-2001-1091 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 7.2 HIGH | N/A | The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable. |
| CVE-1999-0695 | 1 Sybase | 1 Powerdynamo | 2025-04-03 | 5.0 MEDIUM | N/A | The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack. |
| CVE-1999-1049 | 1 Broadcom | 1 Arcserve Backup | 2025-04-03 | 10.0 HIGH | N/A | ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password. |
| CVE-2006-4651 | 1 Threesquared.net | 1 Php Download Script | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter. |
| CVE-1999-1414 | 1 Ibm | 1 Netfinity Remote Control | 2025-04-03 | 7.2 HIGH | N/A | IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges. |
| CVE-2002-0822 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A | Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump. |
| CVE-2005-0711 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 2.1 LOW | N/A | MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack. |
| CVE-2003-0076 | 2 Dcgui, Qt-dcgui | 2 Dcgui, Qt-dcgui | 2025-04-03 | 6.4 MEDIUM | N/A | Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist. |
| CVE-2006-3478 | 1 Myphp Cms | 1 Myphp Cms | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in styles/default/global_header.php in MyPHP CMS 0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the domain parameter. |
| CVE-2004-0165 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A | Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges. |
| CVE-2005-2413 | 1 Atomic Photo Album | 1 Atomic Photo Album | 2025-04-03 | 5.0 MEDIUM | N/A | PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter. |
| CVE-2006-3770 | 1 Phpfaber | 1 Topsites | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters. |
| CVE-2005-0889 | 1 Dream4 | 1 Koobi Cms | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter. |
| CVE-2003-0972 | 1 Gnu | 1 Screen | 2025-04-03 | 10.0 HIGH | N/A | Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow. |
| CVE-2004-2015 | 1 Webct | 1 Webct | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags. |
| CVE-2006-1389 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.8 HIGH | N/A | Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| CVE-2005-4587 | 1 Juniper | 1 Netscreen-security Manager 2004 | 2025-04-03 | 7.8 HIGH | N/A | Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port). |
| CVE-2005-4216 | 1 Macromedia | 1 Flash Media Server | 2025-04-03 | 7.8 HIGH | N/A | The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111. |
| CVE-2005-4473 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL." |
| CVE-1999-0347 | | | 2025-04-03 | 10.0 HIGH | N/A | Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character. |
| CVE-2006-1913 | 1 Jax Scripts | 1 Jax Guestbook | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2001-0939 | 1 Lotus | 1 Domino | 2025-04-03 | 5.0 MEDIUM | N/A | Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443. |
| CVE-1999-1564 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A | FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number of accesses of an NFS v3 mounted directory from a large number of processes. |
| CVE-2005-4805 | 1 Sun | 1 Java System Application Server | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors. |
| CVE-2004-2020 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php. |
| CVE-2006-4659 | 1 Panda | 1 Panda Platinum Internet Security | 2025-04-03 | 5.0 MEDIUM | N/A | The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability. |
| CVE-2005-0981 | 1 Alstrasoft | 1 Epay | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter. |
| CVE-2003-0500 | 1 Proftpd Project | 1 Proftpd | 2025-04-03 | 10.0 HIGH | N/A | SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name. |
| CVE-2006-2441 | 1 Pioneers | 1 Pioneers Meta-server | 2025-04-03 | 5.0 MEDIUM | N/A | Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game. |
| CVE-2006-4461 | 1 Paessler | 1 Ipcheck Server Monitor | 2025-04-03 | 10.0 HIGH | N/A | Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors. |
| CVE-2001-0431 | 1 Iplanet | 1 Iplanet Web Server | 2025-04-03 | 10.0 HIGH | N/A | Vulnerability in iPlanet Web Server Enterprise Edition 4.x. |
| CVE-2005-0469 | 1 Ncsa | 1 Telnet | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. |
| CVE-1999-1381 | 1 Dbadmin | 1 Dbadmin | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote attackers to execute arbitrary commands. |
| CVE-2000-1148 | 1 Volano Llc | 1 Volanochatpro | 2025-04-03 | 4.6 MEDIUM | N/A | The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server. |
| CVE-2002-0630 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A | The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets. |
| CVE-2002-1889 | 1 Logsurfer | 1 Logsurfer | 2025-04-03 | 5.0 MEDIUM | N/A | Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry. |