Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-2978 | 1 Netpbm | 1 Netpbm | 2025-04-03 | 7.5 HIGH | N/A | pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack. |
| CVE-2002-0938 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. |
| CVE-2006-2253 | 1 Otterware | 1 Statit | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in visible_count_inc.php in Statit 4 (060207) allows remote attackers to execute arbitrary PHP code via a URL in the statitpath parameter. |
| CVE-2002-1834 | 1 Xerox | 2 Docutech 6110, Docutech 6115 | 2025-04-03 | 6.4 MEDIUM | N/A | The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the "print now" queue or (2) read the scanner job history. |
| CVE-2006-2555 | 1 Genecys | 1 Genecys | 2025-04-03 | 5.0 MEDIUM | N/A | The parse_command function in Genecys 0.2 and earlier allows remote attackers to cause a denial of service (crash) via a command with a missing ":" (colon) separator, which triggers a null dereference. |
| CVE-2001-0489 | 1 Gftp | 1 Gftp | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands. |
| CVE-2006-1253 | 1 Glftpd | 1 Glftpd | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address. |
| CVE-2002-0416 | 1 Sh39 | 1 Mailserver | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port. |
| CVE-2002-1826 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2025-04-03 | 4.6 MEDIUM | N/A | grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass read-only permissions by using mmap to directly map /dev/mem or /dev/kmem to kernel memory. |
| CVE-2005-1355 | 1 Includer.cgi | 1 Includer.cgi | 2025-04-03 | 5.0 MEDIUM | N/A | includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801. |
| CVE-2005-1523 | 1 Gnu | 1 Mailutils | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. |
| CVE-2001-1508 | 1 Sco | 1 Openserver | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument. |
| CVE-2005-2029 | 1 Amarok | 1 Web Frontend | 2025-04-03 | 7.5 HIGH | N/A | amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file. |
| CVE-2006-0509 | 1 Cerberus | 1 Cerberus Helpdesk | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields. |
| CVE-2003-0646 | 1 Trend Micro | 2 Damage Cleanup Server, Housecall | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings. |
| CVE-2006-4681 | 1 Ibm | 1 Director | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter. |
| CVE-2000-0692 | 1 Iss | 1 Realsecure | 2025-04-03 | 5.0 MEDIUM | N/A | ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a denial of service via a flood of fragmented packets with the SYN flag set. |
| CVE-2001-1061 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A | Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. |
| CVE-2004-0353 | 1 Gnu | 1 Anubis | 2025-04-03 | 10.0 HIGH | N/A | Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string. |
| CVE-2006-0068 | 1 Primo Place | 1 Primo Cart | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php. |
| CVE-2006-1806 | 1 Musicbox | 1 Musicbox | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action. |
| CVE-2000-0163 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A | asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file. |
| CVE-2000-0051 | 1 Allaire | 1 Spectra | 2025-04-03 | 5.0 MEDIUM | N/A | The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL. |
| CVE-2000-0853 | 1 Yabb | 1 Yabb | 2025-04-03 | 5.0 MEDIUM | N/A | YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2004-1889 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows. |
| CVE-2006-4852 | 1 Quadcomm | 1 Q-shop | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter. |
| CVE-2006-3367 | 1 Mp3netbox | 1 Mp3netbox | 2025-04-03 | 5.0 MEDIUM | N/A | Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. |
| CVE-2004-1772 | 1 Gnu | 1 Sharutils | 2025-04-03 | 4.6 MEDIUM | N/A | Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument. |
| CVE-2003-1212 | 1 Maxwebportal | 1 Maxwebportal | 2025-04-03 | 7.5 HIGH | N/A | MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page. |
| CVE-2004-1260 | 1 Abctab2ps | 1 Abctab2ps | 2025-04-03 | 10.0 HIGH | N/A | Multiple buffer overflows in the (1) write_heading function in subs.cpp or (2) trim_title function in parse.cpp for abctab2ps 1.6.3 allow remote attackers to execute arbitrary code via crafted ABC files. |
| CVE-2006-0302 | 1 Zyxel | 1 P2000w Version 2 Voip Wifi Phone | 2025-04-03 | 5.0 MEDIUM | N/A | ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 allows remote attackers to obtain sensitive information, such as MAC address and software version, by directly accessing UDP port 9090. |
| CVE-2006-0139 | 1 Pd9 Software | 1 Megabbs | 2025-04-03 | 5.0 MEDIUM | N/A | The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter. |
| CVE-2001-1109 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands. |
| CVE-2001-1283 | 1 Ipswitch | 1 Imail | 2025-04-03 | 7.5 HIGH | N/A | The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code. |
| CVE-2005-3822 | 1 Vtiger | 1 Vtiger Crm | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module. |
| CVE-2002-1778 | 1 Symantec | 1 Norton Personal Firewall | 2025-04-03 | 7.5 HIGH | N/A | Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan. |
| CVE-2005-4272 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A | Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal. |
| CVE-2004-1513 | 1 Soft3304 | 1 04webserver | 2025-04-03 | 5.0 MEDIUM | N/A | 04WebServer 1.42 does not adequately filter data that is written to log files, which could allow remote attackers to inject carriage return characters into the log file and spoof log entries. |
| CVE-2005-4694 | 1 Plain Black | 1 Webgui | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors. |
| CVE-2005-3919 | 1 Pblang | 1 Pblang | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php. |