Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-0049 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A | Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password. |
| CVE-2001-0842 | 1 Leoboard | 1 Lb5000 | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. |
| CVE-2004-1014 | 4 Debian, Mandrakesoft, Nfs and 1 more | 6 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A | statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated. |
| CVE-2006-2067 | 1 Mkportal | 1 Mkportal | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter. |
| CVE-2006-4771 | 1 Jbc | 1 Forumjbc | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 allows remote attackers to inject arbitrary web script or HTML via the nb_connecte parameter. |
| CVE-2000-0124 | 1 Surfcontrol | 1 Superscout | 2025-04-03 | 2.1 LOW | N/A | surfCONTROL SuperScout does not properly assign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions. |
| CVE-2006-1703 | 1 Hubert Plisson | 1 Sire | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter. |
| CVE-1999-0521 | | | 2025-04-03 | 7.2 HIGH | N/A | An NIS domain name is easily guessable. |
| CVE-2002-1242 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php. |
| CVE-2004-1025 | 3 Enlightenment, Gentoo, Redhat | 3 Imlib, Linux, Linux | 2025-04-03 | 10.0 HIGH | N/A | Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. |
| CVE-2002-1598 | 1 Broadcom | 1 Mlink | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock. |
| CVE-2006-2913 | 1 Out Of The Trees Web Design | 1 Selectapix | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php. |
| CVE-2004-0078 | 1 Mutt | 1 Mutt | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages. |
| CVE-2006-0693 | 1 Roberto Butti | 1 Calimba | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the (1) login and (2) password parameters. |
| CVE-2006-1366 | 1 Motorola | 1 Pebl U6 | 2025-04-03 | 7.8 HIGH | N/A | Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary code, via a long OBEX setpath to the OBEX File Transfer (aka FTP) service on Bluetooth channel 9. |
| CVE-2003-0313 | 1 Snowblind.net | 1 Snowblind Web Server | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request. |
| CVE-1999-0519 | 1 Microsoft | 4 Outlook, Windows 2000, Windows 95 and 1 more | 2025-04-03 | 7.5 HIGH | N/A | A NETBIOS/SMB share password is the default, null, or missing. |
| CVE-2006-1215 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS. |
| CVE-2003-0306 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter. |
| CVE-2004-1299 | 1 Vilistextum | 1 Vilistextum | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the get_attr function in html.c for vilistextum 2.6.6 allows remote attackers to execute arbitrary code via a crafted web page. |
| CVE-2002-0468 | 2 Ecartis, Listar | 2 Ecartis, Listar | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files. |
| CVE-2005-1345 | 1 Squid | 1 Squid | 2025-04-03 | 7.5 HIGH | N/A | Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator. |
| CVE-2005-2150 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog. |
| CVE-2005-0212 | 1 Amp | 1 Amp Ii 3d Game Engine | 2025-04-03 | 5.0 MEDIUM | N/A | The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero byte UDP packet. |
| CVE-2001-1082 | 2 Lucent, Simon Horms | 2 Radius, Radius | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2006-2044 | 1 Ip3 Networks | 1 Ip3 Netaccess 75 | 2025-04-03 | 7.5 HIGH | N/A | na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin. |
| CVE-2002-0942 | 1 Lumigent | 1 Log Explorer | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflows in Lumigent Log Explorer before 3.02 allow attackers with database permissions to execute arbitrary code via long arguments to the extended stored procedures (1) xp_logattach_StartProf, (2) xp_logattach_setport, or (3) xp_logattach. |
| CVE-2000-1107 | 1 Suse | 1 Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A | in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash. |
| CVE-1999-0966 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0]. |
| CVE-2004-1315 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A | viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm. |
| CVE-2006-4232 | 1 Globus | 1 Globus Toolkit | 2025-04-03 | 1.2 LOW | N/A | Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access. |
| CVE-2002-0327 | 1 Century Software | 1 Term | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Century Software TERM allows local users to gain root privileges via a long tty argument to the callin program. |
| CVE-2006-2464 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.6 MEDIUM | N/A | stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display. |
| CVE-2004-2452 | 1 Hitachi | 1 Cosminexus Portal Framework | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the `<ut:cache>` tag library. |
| CVE-2002-2089 | 1 Sun | 1 Solaris | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument. |
| CVE-2005-0688 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A | Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016). |
| CVE-2004-1556 | 1 Mywebserver | 1 Mywebserver | 2025-04-03 | 5.0 MEDIUM | N/A | MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time. |
| CVE-2006-4082 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2025-04-03 | 7.2 HIGH | N/A | Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges. |
| CVE-2002-0754 | 2 Freebsd, Kth | 3 Freebsd, Heimdal, Heimdal | 2025-04-03 | 7.2 HIGH | N/A | Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them. |
| CVE-2003-0501 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries. |