Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2001-0800 | 1 Sgi | 1 Irix | 2025-04-03 | 10.0 HIGH | N/A | lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2002-1518 | 1 Sgi | 1 Irix | 2025-04-03 | 3.6 LOW | N/A | mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories. |
| CVE-2000-0428 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment. |
| CVE-2004-2244 | 1 Oracle | 2 Application Server, Oracle9i | 2025-04-03 | 5.0 MEDIUM | N/A | The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD. |
| CVE-2005-3014 | 1 Ensim | 1 Webppliance | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Ensim Webppliance allows remote attackers to inject arbitrary web script or HTML via the Login (OCW_login_username) field. |
| CVE-2004-2400 | 1 Winftp Server | 1 Winftp Server | 2025-04-03 | 2.1 LOW | N/A | WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials. |
| CVE-2002-0929 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote attackers to cause a denial of service (reboot) via long DHCP requests. |
| CVE-2006-4086 | 1 Ozjournals | 1 Ozjournals | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2004-2019 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A | The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. |
| CVE-1999-0957 | 1 Great Circle Associates | 1 Majorcool | 2025-04-03 | 2.1 LOW | N/A | MajorCool mj_key_cache program allows local users to modify files via a symlink attack. |
| CVE-1999-1482 | 1 Svgalib | 1 Zgv | 2025-04-03 | 7.2 HIGH | N/A | SVGAlib zgv 3.0-7 and earlier allows local users to gain root access via a privilege leak of the iopl(3) privileges to child processes. |
| CVE-2003-0091 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege. |
| CVE-2006-3565 | 1 Hivemail | 1 Hivemail | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search.results.php in HiveMail 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the fields[] parameter. |
| CVE-2005-1449 | 1 S9y | 1 Serendipity | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact. |
| CVE-2006-0058 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 7.6 HIGH | N/A | Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. |
| CVE-2005-0330 | 1 People Can Fly | 1 Painkiller | 2025-04-03 | 2.1 LOW | N/A | Buffer overflow in Painkiller 1.35 and earlier, and possibly other versions before 1.61, allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long cd-key hash. |
| CVE-2005-1418 | 1 Netleaf Limited | 1 Notjustbrowsing | 2025-04-03 | 4.6 MEDIUM | N/A | NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges. |
| CVE-2003-0081 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers. |
| CVE-2000-0127 | 1 Progress | 1 Webspeed | 2025-04-03 | 7.5 HIGH | N/A | The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. |
| CVE-2006-2727 | 1 Epic Designs | 1 Eggblog | 2025-04-03 | 7.5 HIGH | N/A | home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter. |
| CVE-2000-0790 | 1 Microsoft | 3 Windows 2000, Windows 98, Windows 98se | 2025-04-03 | 4.6 MEDIUM | N/A | The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder. |
| CVE-2006-1164 | 1 Nodez | 1 Nodez | 2025-04-03 | 7.5 HIGH | N/A | Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat. |
| CVE-1999-0371 | 1 University Of Kansas | 1 Lynx | 2025-04-03 | 1.2 LOW | N/A | Lynx allows a local user to overwrite sensitive files through /tmp symlinks. |
| CVE-2004-0669 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 7.5 HIGH | N/A | Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command. |
| CVE-2005-2389 | 1 Symantec Veritas | 2 Netbackup Enterprise Server, Netbackup Server | 2025-04-03 | 5.0 MEDIUM | N/A | NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference. |
| CVE-2006-1250 | 1 Amax Information Technologies | 1 Winmail | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors. |
| CVE-2005-3469 | 1 News2net | 1 News2net | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| CVE-2003-0992 | 1 Gnu | 1 Mailman | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. |
| CVE-2006-4829 | 1 Blojsom | 1 Blojsom | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post. |
| CVE-2004-1592 | 1 Ocportal | 1 Ocportal | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script. |
| CVE-2005-4825 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2025-04-03 | 5.7 MEDIUM | N/A | Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332. |
| CVE-2005-4704 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges. |
| CVE-2006-2425 | 1 Phpremoteview | 1 Phpremoteview | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields. |
| CVE-2002-0098 | 1 Boozt | 1 Boozt Standard | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner. |
| CVE-2005-1319 | 1 Horde | 1 Imp | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
| CVE-2006-4950 | 1 Cisco | 1 Ios | 2025-04-03 | 10.0 HIGH | N/A | Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. |
| CVE-1999-1558 | 1 Digital | 2 Digital Openvms, Digital Openvms Axp | 2025-04-03 | 7.5 HIGH | N/A | Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled. |
| CVE-2006-1466 | 1 Apple | 2 Mac Os X, Xcode | 2025-04-03 | 4.0 MEDIUM | N/A | Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. |
| CVE-2002-1774 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 7.5 HIGH | N/A | NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed. |
| CVE-2005-4082 | 1 Qnx | 1 Qnx | 2025-04-03 | 4.6 MEDIUM | N/A | The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks. |