Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0104 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
|
|||||
| CVE-2006-4850 | 1 Bolinos | 1 Blinos | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter.
|
|||||
| CVE-2005-3439 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database Server 10g up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB02, (2) DB03, and (3) DB05 in Change Data Capture; (4) DB07 in Data Pump Export; and (5) DB18, (6) DB19, (7) DB20, (8) DB21, (9) DB22, (10) DB23, (11) DB24, and (12) DB25 in the Spatial component.
|
|||||
| CVE-2006-3327 | 1 E-cbd.biz | 1 Custom Dating Biz Dating Script | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php.
|
|||||
| CVE-2005-0831 | 1 Php-post | 1 Php-post Web Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters.
|
|||||
| CVE-2004-1636 | 1 Net Integration Technologies Inc. | 1 Wvtftp | 2025-04-03 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet.
|
|||||
| CVE-1999-1509 | 1 Etype | 1 Eserv | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Etype Eserv 2.50 web server allows a remote attacker to read any file in the file system via a .. (dot dot) in a URL.
|
|||||
| CVE-2005-3025 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php.
|
|||||
| CVE-2005-2717 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
|
|||||
| CVE-1999-0177 | 1 Oreilly | 1 Website | 2025-04-03 | 7.5 HIGH | N/A |
|
The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.
|
|||||
| CVE-2002-2049 | 1 Dug Song | 3 Dsniff, Fragroute, Fragrouter | 2025-04-03 | 7.5 HIGH | N/A |
|
configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when downloaded from monkey.org on May 17, 2002, has been modified to contain a backdoor, which allows remote attackers to access the system.
|
|||||
| CVE-2006-2698 | 1 Geeklog | 1 Geeklog | 2025-04-03 | 7.8 HIGH | N/A |
|
Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php.
|
|||||
| CVE-2001-0858 | 1 Caldera | 2 Openunix, Unixware | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges.
|
|||||
| CVE-2002-0784 | 1 Lysias | 1 Lidik Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... (modified dot dot).
|
|||||
| CVE-2004-0061 | 1 Lionmax Software | 1 Www File Share Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character.
|
|||||
| CVE-2004-1571 | 1 Aj-fork | 1 Aj-fork | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9) filter-by-author.php, (10) format-switcher.php, (11) long-to-short.php, (12) prospective-posting.php, or (13) sort-by-xfield.php, which displays the full path in an error message.
|
|||||
| CVE-2003-0011 | 1 Microsoft | 1 Isa Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
|
|||||
| CVE-2005-2842 | 1 Dameware Development | 1 Mini Remote Control Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username.
|
|||||
| CVE-2005-2552 | 1 Hp | 1 Proliant Dl585 | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in HP ProLiant DL585 servers running Integrated Lights Out (ILO) firmware before 1.81 allows attackers to access server controls when the server is "powered down."
|
|||||
| CVE-2002-1970 | 1 Snortcenter | 1 Snortcenter | 2025-04-03 | 2.1 LOW | N/A |
|
SnortCenter 0.9.5, when configured to push Snort rules, stores the rules in a temporary file with world-readable and world-writable permissions, which allows local users to obtain usernames and passwords for the alert database servers.
|
|||||
| CVE-2000-1204 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
|
|||||
| CVE-2004-1459 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests.
|
|||||
| CVE-2004-1896 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.6 HIGH | N/A |
|
Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.
|
|||||
| CVE-2005-2807 | 1 Frox | 1 Frox | 2025-04-03 | 7.2 HIGH | N/A |
|
frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option.
|
|||||
| CVE-2000-0304 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.
|
|||||
| CVE-2005-1147 | 1 Calendarscript | 1 Calendarscript | 2025-04-03 | 5.0 MEDIUM | N/A |
|
calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information.
|
|||||
| CVE-2005-1496 | 1 Oracle | 2 Application Server, Oracle10g | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.
|
|||||
| CVE-2006-1618 | 1 Doomsday | 1 Doomsday | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments.
|
|||||
| CVE-2006-3439 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
|
|||||
| CVE-2006-2229 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2025-04-03 | 4.0 MEDIUM | N/A |
|
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
|
|||||
| CVE-2000-1217 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
|
|||||
| CVE-2001-0499 | 1 Oracle | 1 Oracle8i | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
|
|||||
| CVE-2005-3027 | 1 Sybari | 1 Antigen | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which allows remote attackers to bypass custom filter rules and send file attachments of arbitrary file types via a message with a subject of "Antigen forwarded attachment".
|
|||||
| CVE-2001-1398 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.5 HIGH | N/A |
|
Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.
|
|||||
| CVE-2006-4923 | 1 Esyndicat Portal System | 1 Esyndicat Portal System | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter.
|
|||||
| CVE-2004-2089 | 1 Matrix | 1 Matrix Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command.
|
|||||
| CVE-2000-0590 | 1 Cgi-world | 1 Poll It | 2025-04-03 | 7.5 HIGH | N/A |
|
Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter.
|
|||||
| CVE-2004-2554 | 1 Novell | 1 Client Firewall | 2025-04-03 | 7.2 HIGH | N/A |
|
Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges.
|
|||||
| CVE-2006-3829 | 1 Kailash Nadh | 1 Boastmachine | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a delete_user action.
|
|||||
| CVE-2005-3913 | 1 Vchs | 1 Vchs | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the domain alias management in Virtual Hosting Control System (VHCS) 2.4.6.2, related to "creating and deleting forwards for domain aliases," allows users to hijack the forwardings of other users.
|
|||||