Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0452 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
A service or application has a backdoor password that was placed there by the developer.
|
|||||
| CVE-2006-3754 | 1 Flushcms | 1 Flushcms | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Include/editor/rich_files/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter.
|
|||||
| CVE-2005-1109 | 1 Junkbuster | 1 Internet Junkbuster | 2025-04-03 | 7.5 HIGH | N/A |
|
The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption.
|
|||||
| CVE-2006-4191 | 1 Xmb Software | 1 Extreme Message Board | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
|
|||||
| CVE-2006-4899 | 1 Broadcom | 1 Etrust Security Command Center | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
|
|||||
| CVE-1999-1273 | 1 National Science Foundation | 1 Squid Web Proxy | 2025-04-03 | 7.5 HIGH | N/A |
|
Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences.
|
|||||
| CVE-2000-0226 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."
|
|||||
| CVE-2006-0470 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.
|
|||||
| CVE-2006-2001 | 1 Scry Gallery | 1 Scry Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector.
|
|||||
| CVE-2005-1597 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
|
|||||
| CVE-2001-0196 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.
|
|||||
| CVE-2004-0126 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.
|
|||||
| CVE-2002-1034 | 1 Sun | 1 I-runbook | 2025-04-03 | 10.0 HIGH | N/A |
|
none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument.
|
|||||
| CVE-2002-0082 | 2 Apache-ssl, Mod Ssl | 2 Apache-ssl, Mod Ssl | 2025-04-03 | 7.5 HIGH | N/A |
|
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
|
|||||
| CVE-1999-0852 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 7.2 HIGH | N/A |
|
IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.
|
|||||
| CVE-2005-2262 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."
|
|||||
| CVE-2003-0996 | 1 Broadcom | 1 Unicenter Remote Control Host | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface.
|
|||||
| CVE-2005-1232 | 1 Sun | 1 Java System Web Proxy Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2006-3845 | 1 Rarlab | 1 Winrar | 2025-04-03 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive.
|
|||||
| CVE-2001-0869 | 3 Caldera, Redhat, Suse | 5 Openlinux Eserver, Openlinux Workstation, Linux and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.
|
|||||
| CVE-1999-0184 | 1 Isc | 1 Bind | 2025-04-03 | 6.4 MEDIUM | N/A |
|
When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.
|
|||||
| CVE-2000-1199 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 4.6 MEDIUM | N/A |
|
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
|
|||||
| CVE-2005-4192 | 1 Horde | 1 Mnemo Note Manager H3 | 2025-04-03 | 3.5 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when creating a new notepad.
|
|||||
| CVE-2000-1130 | 1 Network Associates | 1 Webshield Smtp | 2025-04-03 | 7.5 HIGH | N/A |
|
McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment.
|
|||||
| CVE-2003-0513 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
|
|||||
| CVE-2006-2547 | 1 Sap | 1 Sapdba | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.
|
|||||
| CVE-2002-1414 | 1 Inter7 | 1 Qmailadmin | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.
|
|||||
| CVE-2006-3427 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference.
|
|||||
| CVE-2005-3800 | 1 Macromedia | 1 Contribute Publishing Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information.
|
|||||
| CVE-2000-0340 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.
|
|||||
| CVE-2006-3692 | 1 Silentweb | 1 Listmessenger | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating that the $lm_path variable is set to a constant value. As of 20060726, CVE concurs with the vendor based on SecurityTracker's post-disclosure analysis
|
|||||
| CVE-1999-0223 | 1 Sun | 1 Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.
|
|||||
| CVE-2003-0344 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
|
|||||
| CVE-2006-0113 | 1 Enhanced Simple Php Gallery | 1 Enhanced Simple Php Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application via a direct request to sp_helper_functions.php, which leaks the pathname in an error message.
|
|||||
| CVE-2005-0502 | 1 Xinkaa Web Station | 1 Xinkaa Web Station | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request.
|
|||||
| CVE-2005-3531 | 1 Miklos Szeredi | 1 Fuse | 2025-04-03 | 2.1 LOW | N/A |
|
fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.
|
|||||
| CVE-2001-0617 | 1 Alliedtelesyn | 1 At-ar220e | 2025-04-03 | 7.5 HIGH | N/A |
|
Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled.
|
|||||
| CVE-2000-0646 | 1 Texas Imperial Software | 1 Wftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred.
|
|||||
| CVE-2005-3575 | 1 Cynox | 1 Cyphor | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2003-0385 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option.
|
|||||