Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0202 | 1 Brian Renaud | 1 Metrics | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2002-1650 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 7.5 HIGH | N/A |
|
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
|
|||||
| CVE-2001-0558 | 1 T. Hauck | 1 Jana Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).
|
|||||
| CVE-2004-2339 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.2 HIGH | 8.4 HIGH |
|
Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed
|
|||||
| CVE-2005-1644 | 1 1two | 1 Livre D Or | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livreormessage parameters.
|
|||||
| CVE-2006-1237 | 1 Dsportal | 1 Dsnewsletter | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php.
|
|||||
| CVE-2002-0545 | 1 Cisco | 2 Aironet Ap340, Aironet Ap350 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords.
|
|||||
| CVE-2001-1172 | 1 Omnisecure | 1 Httprotect | 2025-04-03 | 4.6 MEDIUM | N/A |
|
OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file.
|
|||||
| CVE-1999-0047 | 3 Bsdi, Caldera, Eric Allman | 3 Bsd Os, Openlinux, Sendmail | 2025-04-03 | 10.0 HIGH | N/A |
|
MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.
|
|||||
| CVE-2002-0434 | 1 Marcus S. Xenakis | 1 Directory.php | 2025-04-03 | 10.0 HIGH | N/A |
|
Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter.
|
|||||
| CVE-2002-1421 | 1 Ilia Alshanetsky | 1 Fudforum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
|
|||||
| CVE-2006-1140 | 1 Redblog | 1 Redblog | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
|
|||||
| CVE-1999-0381 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
|
super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.
|
|||||
| CVE-2002-1227 | 1 Pam | 1 Pam | 2025-04-03 | 7.5 HIGH | N/A |
|
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.
|
|||||
| CVE-2006-4910 | 1 Cisco | 2 Ids Sensor Software, Ips Sensor Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.
|
|||||
| CVE-2006-1573 | 1 Mediaslash.com | 1 Mediaslash Gallery | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable).
|
|||||
| CVE-2003-0430 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.
|
|||||
| CVE-2005-3248 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (divide-by-zero) via unknown vectors.
|
|||||
| CVE-2006-1539 | 1 Bsd-games | 1 Tetris-bsd | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in the checkscores function in scores.c in tetris-bsd in bsd-games before 2.17-r1 in Gentoo Linux might allow local users with games group membership to gain privileges by modifying tetris-bsd.scores to contain crafted executable content, which is executed when another user launches tetris-bsd.
|
|||||
| CVE-1999-1374 | 1 Arpanet | 1 Perlshop | 2025-04-03 | 5.0 MEDIUM | N/A |
|
perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request.
|
|||||
| CVE-2006-1986 | 1 Apple | 1 Safari | 2025-04-03 | 7.5 HIGH | N/A |
|
Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl.
|
|||||
| CVE-2005-2706 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
|
|||||
| CVE-2005-4474 | 1 Rarlab | 1 Winrar | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the ...
Show More |
|||||
| CVE-2002-0988 | 1 Caldera | 2 Openunix, Unixware | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities.
|
|||||
| CVE-2004-1233 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length.
|
|||||
| CVE-2006-2886 | 1 Jam Warehouse | 1 Knowledgetree Open Source | 2025-04-03 | 4.3 MEDIUM | N/A |
|
view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS.
|
|||||
| CVE-2005-2625 | 1 Cpaint | 1 Cpaint | 2025-04-03 | 7.5 HIGH | N/A |
|
Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist.
|
|||||
| CVE-2003-0573 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact.
|
|||||
| CVE-2005-4169 | 1 Efiction Project | 1 Efiction | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php.
|
|||||
| CVE-2005-1867 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | 7.5 HIGH | N/A |
|
Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges.
|
|||||
| CVE-2004-1034 | 3 Gentoo, Kaffeine, Xine | 3 Linux, Kaffeine Player, Gxine | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.
|
|||||
| CVE-2004-1429 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times that a bad password can be entered, which makes it easier for remote attackers to guess passwords via a brute force attack.
|
|||||
| CVE-2005-3131 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to blank.html, or the createdataCX parameter to (2) calendar_d.html, (3) calendar_m.html, or (4) calendar_w.html.
|
|||||
| CVE-2002-1386 | 1 Ehud Gavron | 1 Tracesroute | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow local users to execute arbitrary code via a long hostname argument.
|
|||||
| CVE-2006-3820 | 1 Gerrit Van Aaken | 1 Loudblog | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
|||||
| CVE-2003-0160 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
|
|||||
| CVE-2002-1675 | 1 Unreal | 1 Unrealircd | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Format string vulnerability in the Cio_PrintF function of cio_main.c in Unreal IRCd 3.1.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers.
|
|||||
| CVE-2006-1130 | 1 Ekinboard | 1 Ekinboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.
|
|||||
| CVE-2004-2218 | 1 Phpmywebhosting | 1 Phpmywebhosting | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter.
|
|||||
| CVE-1999-1236 | 1 True North | 1 Internet Anywhere Mail Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in the msgboxes.dbf file, which could allow local users to gain privileges by extracting the passwords from msgboxes.dbf.
|
|||||