Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0299 | 1 Smallftpd | 1 Smallftpd | 2025-04-03 | 2.1 LOW | N/A |
|
Buffer overflow in smallftpd 0.99 allows local users to cause a denial of service (crash) via an FTP request with a large number of "/" (slash) characters.
|
|||||
| CVE-2006-1832 | 1 Coder-world | 1 Sysinfo | 2025-04-03 | 5.0 MEDIUM | N/A |
|
sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action.
|
|||||
| CVE-2002-1474 | 1 Hp | 1 Tru64 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service.
|
|||||
| CVE-2003-1008 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application.
|
|||||
| CVE-2005-3182 | 1 Gfi | 1 Mailsecurity | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well.
|
|||||
| CVE-2005-4801 | 1 Yapig | 1 Yapig | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to perform unauthorized actions as a logged-in user, as demonstrated by tricking the administrator to access a web page that performs a mod_info action in modify_gallery.php.
|
|||||
| CVE-2006-2917 | 1 Qbik | 1 Wingate | 2025-04-03 | 5.5 MEDIUM | N/A |
|
Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.
|
|||||
| CVE-2003-0047 | 1 Van Dyke Technologies | 3 Entunnel, Securecrt, Securefx | 2025-04-03 | 4.6 MEDIUM | N/A |
|
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
|
|||||
| CVE-2006-1279 | 1 Sherzod Ruzmetov | 1 Cgi Session | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite.
|
|||||
| CVE-1999-0826 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in FreeBSD angband allows local users to gain privileges.
|
|||||
| CVE-1999-0101 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.
|
|||||
| CVE-2005-1805 | 1 Online Solutions For Educators | 1 Online Solutions For Educators | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp in an unknown product by Online Solutions for Educators (OS4E) allows remote attackers to execute arbitrary SQL commands via the password.
|
|||||
| CVE-2003-0238 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag.
|
|||||
| CVE-1999-1279 | 1 Microsoft | 1 Sna Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.
|
|||||
| CVE-2005-2591 | 1 Parlano | 1 Mindalign | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Parlano MindAlign 5.0 and later versions allows remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability.
|
|||||
| CVE-2004-1724 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 7.5 HIGH | N/A |
|
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
|
|||||
| CVE-1999-0309 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
HP-UX vgdisplay program gives root access to local users.
|
|||||
| CVE-2004-2474 | 1 Phpnews | 1 Phpnews | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php.
|
|||||
| CVE-2002-1270 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
|
Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.
|
|||||
| CVE-2002-0381 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.
|
|||||
| CVE-2003-0024 | 1 Aterm | 1 Aterm | 2025-04-03 | 7.5 HIGH | N/A |
|
The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.
|
|||||
| CVE-2005-3708 | 1 Apple | 1 Quicktime | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
|
|||||
| CVE-2001-0479 | 1 Phppgadmin | 1 Phppgadmin | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
|
|||||
| CVE-2006-0311 | 1 Mike Helton | 1 Aoblogger | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2000-0885 | 1 Microsoft | 3 Systems Management Server, Windows 2000, Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
|
|||||
| CVE-2006-4336 | 1 Gzip | 1 Gzip | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
|
|||||
| CVE-1999-0163 | 1 Eric Allman | 1 Sendmail | 2025-04-03 | 7.2 HIGH | N/A |
|
In older versions of Sendmail, an attacker could use a pipe character to execute root commands.
|
|||||
| CVE-2005-4355 | 1 Xmpie | 1 Ustore | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-3735 | 1 Mail2forum | 1 Mail2forum | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Mail2Forum (module for phpBB) 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the m2f_root_path parameter to (1) m2f/m2f_phpbb204.php, (2) m2f/m2f_forum.php, (3) m2f/m2f_mailinglist.php or (4) m2f/m2f_cron.php.
|
|||||
| CVE-2005-4448 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 10.0 HIGH | N/A |
|
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.
|
|||||
| CVE-2004-0685 | 3 Linux, Redhat, Trustix | 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
|
|||||
| CVE-2006-1407 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.
|
|||||
| CVE-2002-0847 | 1 Tinyproxy | 1 Tinyproxy | 2025-04-03 | 7.5 HIGH | N/A |
|
tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).
|
|||||
| CVE-2006-2798 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php.
|
|||||
| CVE-2003-0067 | 1 Aterm | 1 Aterm | 2025-04-03 | 7.5 HIGH | N/A |
|
The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
|
|||||
| CVE-2005-0906 | 3 Instance Four, Sacred, Ubi Soft | 3 Tincat, Sacred, The Settlersheritage Of Kings | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in a player logging function in the Tincat network library 2.x before 2.0.28, as used in games such as Sacred and The Settlers: Heritage of Kings, allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2006-2291 | 1 Inhouse Associates | 1 Ia-calendar | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2006-1401 | 1 Php Lite | 1 Calendar Express | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2005-0740 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.
|
|||||
| CVE-1999-1577 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.
|
|||||