Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-0879 | 1 Vortex Portal | 1 Vortex Portal | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file include vulnerability in (1) content.php and (2) index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter. |
| CVE-2005-3425 | 1 Gnu | 1 Gnump3d | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. |
| CVE-2006-3555 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 5.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer. |
| CVE-2000-0829 | 1 Redhat | 2 Linux, Tmpwatch | 2025-04-03 | 2.1 LOW | N/A | The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/. |
| CVE-1999-1144 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges. |
| CVE-2006-0335 | 1 Kerio | 1 Winroute Firewall | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML. |
| CVE-2006-1793 | 1 Runcms | 1 Runcms | 2025-04-03 | 7.6 HIGH | N/A | Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659. |
| CVE-2001-1178 | 1 Xfree86 Project | 1 X11r6 | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable. |
| CVE-2005-2813 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php. |
| CVE-2006-3976 | 1 Broadcom | 1 Etrust Antivirus Webscan | 2025-04-03 | 9.3 HIGH | N/A | Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files. |
| CVE-2006-2284 | 2 Claroline, Dokeos | 2 Claroline, Dokeos | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php. |
| CVE-2004-0648 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 10.0 HIGH | N/A | Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. |
| CVE-2005-3145 | 1 Standards Based Linux Instrumentation | 1 Sblim-sfcb | 2025-04-03 | 5.0 MEDIUM | N/A | httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service (resource consumption) by connecting to sblim-sfcb but not sending any data. |
| CVE-2001-1026 | 1 Trend Micro | 1 Interscan Applettrap | 2025-04-03 | 7.5 HIGH | N/A | Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address. |
| CVE-2001-0335 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A | FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. |
| CVE-2003-1454 | 4 Invision Power Services, Linux, Microsoft and 1 more | 4 Invision Board, Linux Kernel, All Windows and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. |
| CVE-2006-0195 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 4.3 MEDIUM | N/A | Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. |
| CVE-2003-0708 | 1 Tomi Manninen | 1 Linuxnode | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code. |
| CVE-2005-0061 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2025-04-03 | 7.2 HIGH | N/A | The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests. |
| CVE-2004-1235 | 7 Avaya, Conectiva, Linux and 4 more | 20 Converged Communications Server, Intuity Audix, Mn100 and 17 more | 2025-04-03 | 6.2 MEDIUM | N/A | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. |
| CVE-2004-0610 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2025-04-03 | 5.0 MEDIUM | N/A | The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections. |
| CVE-2000-0804 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 7.5 HIGH | N/A | Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass." |
| CVE-2006-3341 | 1 Myads | 1 Myads | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp for Xoops allows remote attackers to execute arbitrary SQL commands via the lid parameter. |
| CVE-2003-0561 | 1 Iglooftp | 1 Iglooftp Pro | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands. |
| CVE-1999-0501 | | | 2025-04-03 | 4.6 MEDIUM | N/A | A Unix account has a guessable password. |
| CVE-2005-4136 | 1 Fad Solutions | 1 Drzes Hms | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter. |
| CVE-2006-0427 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A | Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted. |
| CVE-2006-4635 | 1 Squiz | 1 Mysource Classic | 2025-04-03 | 6.5 MEDIUM | N/A | Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue. |
| CVE-2004-2504 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 7.2 HIGH | N/A | The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges. |
| CVE-2005-3388 | 1 Php | 1 Php | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." |
| CVE-2005-2778 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter. |
| CVE-2002-1613 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges. |
| CVE-2002-1776 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 7.5 HIGH | N/A | NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed |
| CVE-2004-2314 | 1 Novell | 1 Ichain | 2025-04-03 | 7.5 HIGH | N/A | The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. |
| CVE-2004-0418 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2025-04-03 | 10.0 HIGH | N/A | serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. |
| CVE-1999-1521 | 1 Computalynx | 1 Cmail | 2025-04-03 | 10.0 HIGH | N/A | Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to a buffer overflow attack in the MAIL FROM command that may allow a remote attacker to execute arbitrary code on the server. |
| CVE-2005-1759 | 1 Shtool | 1 Shtool | 2025-04-03 | 1.2 LOW | N/A | Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751. |
| CVE-2005-4466 | 1 Interactive Intelligence | 1 Interaction Sip Proxy | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a REGISTER request with a SPI version number that contains a large number of space or tab characters. |
| CVE-2001-1239 | 1 Connect Inc. | 1 Powernet Ix | 2025-04-03 | 5.0 MEDIUM | N/A | PowerNet IX allows remote attackers to cause a denial of service via a port scan. |
| CVE-2002-0652 | 1 Sgi | 1 Irix | 2025-04-03 | 7.5 HIGH | N/A | xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs(). |