Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-0812 | 1 Samba | 1 Samba | 2025-04-03 | 7.6 HIGH | N/A | Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. |
| CVE-2005-3252 | 1 Sourcefire | 1 Snort | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet. |
| CVE-2005-3367 | 1 Sparkleblog | 1 Sparkleblog | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field. |
| CVE-2005-2952 | 1 Subscribe Me Pro | 1 Subscribe Me Pro | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. |
| CVE-1999-1244 | 1 Darren Reed | 1 Ipfilter | 2025-04-03 | 7.2 HIGH | N/A | IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary files via a symlink attack on the saved output file. |
| CVE-2001-0490 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file. |
| CVE-2005-4715 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. |
| CVE-2006-2004 | 1 Michael Romedahl | 1 Ri Blog | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields. |
| CVE-2002-1250 | 1 Abuse | 1 Abuse | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument. |
| CVE-1999-1071 | 1 Excite | 1 Ews | 2025-04-03 | 7.2 HIGH | N/A | Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file. |
| CVE-2002-0278 | 1 Add2it | 1 Mailman Free | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. (dot dot) in the list parameter. |
| CVE-2002-2060 | 1 Twibright Labs | 1 Links | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images. |
| CVE-2001-1085 | 1 Jon Zeeff | 1 Lmail | 2025-04-03 | 3.7 LOW | N/A | Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
| CVE-2002-2215 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A | The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function. |
| CVE-2003-1152 | 1 Infrontech | 1 Webtide | 2025-04-03 | 5.0 MEDIUM | N/A | WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?"). |
| CVE-2006-3994 | 1 Xmb Software | 1 Xmb Forum | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme. |
| CVE-2002-0556 | 1 Deep Forest Software | 1 Quik-serv Webserver | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. |
| CVE-2002-0848 | 1 Cisco | 2 Vpn 5000 Concentrator, Vpn 5000 Concentrator Series Software | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. |
| CVE-1999-0191 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 6.4 MEDIUM | N/A | IIS newdsn.exe CGI script allows remote users to overwrite files. |
| CVE-2001-1249 | 1 Vwebserver | 1 Vwebserver | 2025-04-03 | 5.0 MEDIUM | N/A | vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names. |
| CVE-2006-3594 | 1 Cisco | 1 Unified Callmanager | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. |
| CVE-2001-0513 | 1 Oracle | 1 Oracle9i | 2025-04-03 | 5.0 MEDIUM | N/A | Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port. |
| CVE-2006-0405 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 5.0 MEDIUM | N/A | The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function. |
| CVE-2005-0190 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | 2.6 LOW | N/A | Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension. |
| CVE-1999-1418 | 1 Mirabilis | 1 Icq Web Front | 2025-04-03 | 5.0 MEDIUM | N/A | ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found"). |
| CVE-2000-0957 | 1 Pam Mysql | 1 Pam Mysql | 2025-04-03 | 7.5 HIGH | N/A | The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes. |
| CVE-2003-0854 | 2 Gnu, Washington University | 2 Fileutils, Wu-ftpd | 2025-04-03 | 2.1 LOW | N/A | ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. |
| CVE-2006-3130 | 1 Clubpage | 1 Clubpage | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| CVE-2006-4106 | 1 Blursoft | 1 Blur6ex | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title. |
| CVE-2005-2183 | 1 Phpxmail | 1 Phpxmail | 2025-04-03 | 7.5 HIGH | N/A | class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access. |
| CVE-2000-1237 | 1 Floosietek | 1 Ftgate | 2025-04-03 | 5.0 MEDIUM | N/A | The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid usernames and conduct brute force password guessing. |
| CVE-2004-1604 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 5.0 MEDIUM | N/A | cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled. |
| CVE-2005-4731 | 1 The Php Group | 1 Pear Html Quickform Controller | 2025-04-03 | 5.0 MEDIUM | N/A | The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors. |
| CVE-2005-2986 | 1 Ahnlab | 3 V3 Virusblock 2005, V3net, V3pro 2004 | 2025-04-03 | 7.5 HIGH | N/A | The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges. |
| CVE-2001-0551 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window. |
| CVE-1999-1432 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.5 HIGH | N/A | Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges. |
| CVE-2005-4671 | 1 Citypost | 1 Simple Php Upload | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| CVE-2005-4281 | 1 Zaygo | 1 Hostingcart | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via certain search module parameters, possibly the root parameter to zaygo.cgi. |
| CVE-2006-0408 | 1 Sun | 1 Grid Engine | 2025-04-03 | 7.2 HIGH | N/A | rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments. |
| CVE-2001-0239 | 1 Microsoft | 1 Isa Server | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type. |