Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1133 | 1 Bsdi | 1 Bsd Os | 2025-04-03 | 2.1 LOW | N/A |
|
Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions.
|
|||||
| CVE-2005-1769 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.
|
|||||
| CVE-2005-0471 | 1 Sun | 2 Jdk, Jre | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.
|
|||||
| CVE-2005-0489 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A |
|
The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows local users to cause a denial of service via unknown vectors that cause an invalid access of free memory.
|
|||||
| CVE-2006-1383 | 1 Pablo Software Solutions | 1 Baby Ftp Server | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 allows remote authenticated users to determine existence of files outside the intended document root via unspecified manipulations, which generate different error messages depending on whether a file exists or not.
|
|||||
| CVE-2001-1288 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
|
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
|
|||||
| CVE-2001-0371 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 6.2 MEDIUM | N/A |
|
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.
|
|||||
| CVE-2003-0555 | 1 Imagemagick | 1 Imagemagick | 2025-04-03 | 7.5 HIGH | N/A |
|
ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.
|
|||||
| CVE-2006-2040 | 1 Photokorn | 1 Photokorn | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 allow remote attackers to execute arbitrary SQL commands via the (1) cat, (2) pic and (3) page parameter in index.php; (4) id parameter in postcard.php; and (5) cat parameter in print.php.
|
|||||
| CVE-2005-0880 | 1 Vortex Portal | 1 Vortex Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message.
|
|||||
| CVE-2005-1702 | 1 Black Cactus | 2 Warrior Kings, Warrior Kings Battles | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in Warrior Kings: Battles 1.23 and earlier and Warrior Kings 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a nickname.
|
|||||
| CVE-2003-0233 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.
|
|||||
| CVE-2005-4140 | 1 Website Baker | 1 Website Baker | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field.
|
|||||
| CVE-2001-0565 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.
|
|||||
| CVE-2000-0019 | 1 Ipswitch | 1 Imail | 2025-04-03 | 2.1 LOW | N/A |
|
IMail POP3 daemon uses weak encryption, which allows local users to read files.
|
|||||
| CVE-2000-1146 | 1 Recourse Technologies | 1 Mantrap | 2025-04-03 | 2.1 LOW | N/A |
|
Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.
|
|||||
| CVE-2006-3336 | 1 Twiki | 1 Twiki | 2025-04-03 | 4.0 MEDIUM | N/A |
|
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.
|
|||||
| CVE-2004-0522 | 2 Debian, Gallery Project | 2 Debian Linux, Gallery | 2025-04-03 | 10.0 HIGH | N/A |
|
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
|
|||||
| CVE-2006-2821 | 1 Deltascripts | 1 Pro Publish | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attackers to inject arbitrary web script or HTML via the (1) artid parameter in art.php and the (2) catname parameter in cat.php.
|
|||||
| CVE-2001-0241 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
|
|||||
| CVE-2001-0020 | 1 Cisco | 2 Arrowpoint, Content Services Switch | 2025-04-03 | 2.1 LOW | N/A |
|
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2005-4781 | 1 Sergids | 1 Top Music Module | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the (1) idartist, (2) idsong, and (3) idalbum parameters to modules.php.
|
|||||
| CVE-2002-1383 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.
|
|||||
| CVE-2005-2312 | 1 Realnode | 1 Emilda | 2025-04-03 | 7.5 HIGH | N/A |
|
management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the user_id parameter.
|
|||||
| CVE-2000-1100 | 1 Trlinux | 1 Postaci Webmail | 2025-04-03 | 7.5 HIGH | N/A |
|
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.
|
|||||
| CVE-2006-3930 | 1 Mamboxchange | 1 A6mambohelpdesk | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php in a6mambohelpdesk Mambo Component 18RC1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
|
|||||
| CVE-2001-0015 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.2 HIGH | N/A |
|
Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.
|
|||||
| CVE-2004-1582 | 1 Blackboard Internet Newsboard System | 1 Blackboard Internet Newsboard System | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php.
|
|||||
| CVE-2003-0145 | 1 Lbl | 1 Tcpdump | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.
|
|||||
| CVE-2006-3153 | 1 Thinkfactory | 1 Ultimate Estate | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
|
|||||
| CVE-2000-0193 | 1 Corel | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.
|
|||||
| CVE-2006-3639 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
|
|||||
| CVE-2004-2548 | 1 Netwin | 2 Surgemail, Webmail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
|
|||||
| CVE-2006-4077 | 1 Comet | 1 Comet Webfile Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager (CWFM) 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter.
|
|||||
| CVE-2002-0102 | 1 Oracle | 1 Application Server Web Cache | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters.
|
|||||
| CVE-2003-1004 | 1 Cisco | 2 Pix Firewall, Pix Firewall Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall.
|
|||||
| CVE-2005-2096 | 1 Zlib | 1 Zlib | 2025-04-03 | 7.5 HIGH | N/A |
|
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
|
|||||
| CVE-2005-3550 | 1 Toenda Software Development | 1 Toendacms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter.
|
|||||
| CVE-2006-4959 | 1 Sun | 1 Secure Global Desktop | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to obtain sensitive information, including hostnames, versions, and settings details, via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available.
|
|||||
| CVE-2000-0354 | 1 Lee Mcloughlin | 1 Mirror | 2025-04-03 | 5.0 MEDIUM | N/A |
|
mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory.
|
|||||