Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4655 | 2 Sco, Sun | 2 Unixware, Solaris | 2025-04-03 | 4.6 MEDIUM | N/A |
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
| CVE-2006-1144 | 1 David Ravenscroft | 1 Hithost | 2025-04-03 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in viewuser.php.
| CVE-2006-4020 | 1 Php | 1 Php | 2025-04-03 | 4.6 MEDIUM | N/A |
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.
| CVE-2001-0615 | 1 Faust Informatics | 1 Freestyle Chat | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'.
| CVE-2005-1898 | 1 Phpthumb | 1 Phpthumb | 2025-04-03 | 5.0 MEDIUM | N/A |
The passthrough functionality in phpThumb.php in phpThumb() before 1.5.4 allows remote attackers to read files that are not images.
| CVE-2004-0257 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.
| CVE-2005-3530 | 1 Antville | 1 Antville | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document.
| CVE-2002-1942 | 1 Imatix | 1 Xitami | 2025-04-03 | 5.0 MEDIUM | N/A |
Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early, which allows remote attackers to cause a denial of service (crash) via a large number of concurrent sessions.
| CVE-2004-0105 | 3 Metamail Corporation, Redhat, Sgi | 4 Metamail, Enterprise Linux, Linux Advanced Workstation and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
| CVE-1999-0252 | 1 Lsoft | 1 Listserv | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in listserv allows arbitrary command execution.
| CVE-2005-3473 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or (4) scheme_name parameter and (5) bg_color parameters (involving the preset_name and result variables) in (c) colors.php.
| CVE-2002-1082 | 1 Visualshapers | 1 Ezcontents | 2025-04-03 | 5.0 MEDIUM | N/A |
The Image Upload capability for ezContents 1.40 and earlier allows remote attackers to cause ezContents to perform operations on local files as if they were uploaded.
| CVE-2003-1101 | 1 Hummingbird | 1 Cyberdocs | 2025-04-03 | 5.0 MEDIUM | N/A |
Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message.
| CVE-2005-1236 | 1 Duware | 1 Duportal | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.
| CVE-2005-1101 | 1 Ibm | 1 Lotus Domino Server | 2025-04-03 | 7.5 HIGH | N/A |
Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields.
| CVE-2006-2202 | 1 Invision Power Services | 1 Invision Gallery | 2025-04-03 | 6.4 MEDIUM | N/A |
SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter.
| CVE-2002-1515 | 1 Coolforum | 1 Coolforum | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta allows remote attackers to read arbitrary files via .. (dot dot) sequences in the img parameter.
| CVE-2003-0853 | 2 Gnu, Washington University | 2 Fileutils, Wu-ftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.
| CVE-2003-0835 | 1 Mplayer | 1 Mplayer | 2025-04-03 | 7.5 HIGH | N/A |
Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname.
| CVE-2000-0748 | 1 Openldap | 1 Openldap | 2025-04-03 | 4.6 MEDIUM | N/A |
OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.
| CVE-2003-0033 | 1 Snort | 1 Snort | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets.
| CVE-2002-1540 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.
| CVE-2006-3346 | 1 Carlos Sanchez Valle | 1 Mynewsgroups | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter.
| CVE-2000-0862 | 1 Allaire | 1 Spectra | 2025-04-03 | 6.4 MEDIUM | N/A |
Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.
| CVE-2004-1210 | 1 Ipcop | 1 Ipcop | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) part variables.
| CVE-2002-1906 | 1 Polycom | 1 Viavideo | 2025-04-03 | 5.0 MEDIUM | N/A |
The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.
| CVE-2002-0073 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.
| CVE-2003-0413 | 1 Sun | 1 One Application Server | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.
| CVE-2005-4519 | 1 Mantis | 1 Mantis | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
| CVE-1999-0197 | | | 2025-04-03 | 10.0 HIGH | N/A |
finger 0@host on some systems may print information on some user accounts.
| CVE-1999-1475 | 1 Proftpd Project | 1 Proftpd | 2025-04-03 | 4.6 MEDIUM | N/A |
ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
| CVE-2002-0068 | 2 Redhat, Squid | 2 Linux, Squid | 2025-04-03 | 7.5 HIGH | N/A |
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
| CVE-2000-1228 | 1 Phorum | 1 Phorum | 2025-04-03 | 5.0 MEDIUM | N/A |
Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
| CVE-2006-4876 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register.
| CVE-2006-2479 | 1 Bitrix | 1 Bitrix Site Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.
| CVE-2005-3577 | 1 Walla Telesite | 1 Walla Telesite | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter.
| CVE-2006-2185 | 1 Novell | 1 Netware | 2025-04-03 | 4.0 MEDIUM | N/A |
PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges.
| CVE-1999-1035 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.
| CVE-2000-0003 | 1 Sco | 1 Unixware | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.
| CVE-2006-0439 | 1 Text Rider | 1 Text Rider | 2025-04-03 | 5.0 MEDIUM | N/A |
Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt.