Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2286 | 2 Activestate, Larry Wall | 2 Activeperl, Perl | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.
|
|||||
| CVE-2005-1437 | 1 Osticket | 1 Osticket | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php.
|
|||||
| CVE-1999-1085 | 1 Ssh | 1 Secure Shell | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack."
|
|||||
| CVE-2005-3380 | 1 Panda | 1 Titanium 2005 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
|
|||||
| CVE-2005-3733 | 1 Juniper | 8 Junos E, Junos J, Junos M and 5 more | 2025-04-03 | 7.5 HIGH | N/A |
|
The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies t ...
Show More |
|||||
| CVE-2000-0901 | 1 Juergen | 1 Weigert Screen | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.
|
|||||
| CVE-2004-1039 | 1 Sco | 2 Openserver, Unixware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a separate process for each request.
|
|||||
| CVE-1999-1561 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server.
|
|||||
| CVE-2005-3048 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.
|
|||||
| CVE-2005-2655 | 1 Maildrop | 1 Maildrop | 2025-04-03 | 10.0 HIGH | N/A |
|
lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.
|
|||||
| CVE-2006-1472 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results.
|
|||||
| CVE-2004-0037 | 1 Opentext | 1 Opentext Firstclass Desktop Client | 2025-04-03 | 7.5 HIGH | N/A |
|
FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages.
|
|||||
| CVE-2002-0360 | 1 Sun | 1 Solaris Answerbook2 | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long filename argument to the gettransbitmap CGI program.
|
|||||
| CVE-2004-1669 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html.
|
|||||
| CVE-2005-3149 | 1 Uim | 1 Uim | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges.
|
|||||
| CVE-2006-3676 | 1 Planet Concept | 1 Planetgallery | 2025-04-03 | 5.1 MEDIUM | N/A |
|
admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.
|
|||||
| CVE-2002-1094 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request.
|
|||||
| CVE-2001-1331 | 2 Debian, Progeny | 2 Debian Linux, Debian | 2025-04-03 | 1.2 LOW | N/A |
|
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
|
|||||
| CVE-2001-1480 | 2 Apple, Sun | 4 Mac Os Runtime For Java, Jdk, Jre and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.
|
|||||
| CVE-2005-3486 | 1 Scorched 3d | 1 Scorched 3d | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, and possibly other unspecified vectors.
|
|||||
| CVE-2005-2333 | 1 Seo-board | 1 Seo-board | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in smilies_popup.php in SEO-Board 1.0 allows remote attackers to inject arbitrary web script or HTML via the doc parameter.
|
|||||
| CVE-2005-0353 | 1 Safenet | 1 Sentinel License Manager | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093.
|
|||||
| CVE-2005-3878 | 1 Alex King | 1 Php Doc System | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter.
|
|||||
| CVE-2002-0430 | 1 Sun | 3 Cobalt Raq 2, Cobalt Raq 3i, Cobalt Raq 4 | 2025-04-03 | 3.7 LOW | N/A |
|
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
|
|||||
| CVE-2006-4496 | 1 Iwebnegar | 1 Iwebnegar | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
|
|||||
| CVE-2006-3592 | 1 Cisco | 1 Unified Callmanager | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005.
|
|||||
| CVE-1999-1107 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.
|
|||||
| CVE-2004-1408 | 1 Singapore | 1 Image Gallery Web Application | 2025-04-03 | 7.5 HIGH | N/A |
|
The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files.
|
|||||
| CVE-2004-1457 | 1 Novell | 1 Bordermanager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Virtual Private Network (VPN) capability in Novell Bordermanager 3.8 allows remote attackers to cause a denial of service (ABEND in IKE.NLM) via a malformed IKE packet, as sent by the Striker ISAKMP Protocol Test Suite.
|
|||||
| CVE-1999-1078 | 1 Ipswitch | 1 Ws Ftp Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges.
|
|||||
| CVE-2002-0134 | 1 Avirt | 1 Avirt Gateway Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command.
|
|||||
| CVE-2002-0500 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.
|
|||||
| CVE-2005-1660 | 1 Htmljunction | 1 Ezguestbook | 2025-04-03 | 7.5 HIGH | N/A |
|
HTMLJunction EZGuestbook stores the guestbook.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the administrative password.
|
|||||
| CVE-2000-0396 | 1 Pacific Software | 1 Carello | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files.
|
|||||
| CVE-2004-1892 | 1 Emule | 1 Emule | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string.
|
|||||
| CVE-2001-1403 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
|
|||||
| CVE-1999-0016 | 6 Cisco, Gnu, Hp and 3 more | 8 Ios, Inet, Hp-ux and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Land IP denial of service.
|
|||||
| CVE-2002-1577 | 1 Sap | 1 Sap R 3 | 2025-04-03 | 7.5 HIGH | N/A |
|
SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts.
|
|||||
| CVE-2005-2665 | 1 Elm Development Group | 1 Elm | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header.
|
|||||
| CVE-2004-2192 | 1 Turbotraffictrader | 1 Turbotraffictrader Php | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the ttt_admin parameter.
|
|||||