Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4436 | 1 Extended Interior Gateway Routing Protocol | 1 Extended Interior Gateway Routing Protocol | 2025-04-03 | 7.8 HIGH | N/A |
|
Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV).
|
|||||
| CVE-2005-0391 | 1 Daniel De Rauglaudre | 1 Geneweb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
geneweb 4.10 and earlier does not properly check file permissions and content during conversion, which allows attackers to modify arbitrary files.
|
|||||
| CVE-2005-0631 | 1 Pblang | 1 Pblang | 2025-04-03 | 2.1 LOW | N/A |
|
delpm.php in PBLang 4.63 allows remote authenticated users to delete arbitrary PM files by modifying the "id" and "a" parameters.
|
|||||
| CVE-2003-0615 | 3 Cgi.pm, Debian, Openpkg | 3 Cgi.pm, Debian Linux, Openpkg | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
|
|||||
| CVE-2004-1641 | 1 South River Technologies | 1 Titan Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST.
|
|||||
| CVE-2000-1008 | 1 Palm | 1 Palm Os | 2025-04-03 | 4.6 MEDIUM | N/A |
|
PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.
|
|||||
| CVE-2002-2095 | 1 Joe Testa | 1 Hellbent | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow.
|
|||||
| CVE-2003-0370 | 4 Apple, Kde, Redhat and 1 more | 6 Safari, Kde, Konqueror Embedded and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
|
|||||
| CVE-2000-0883 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
|
|||||
| CVE-2001-0860 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
|
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
|
|||||
| CVE-2002-0645 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
|
|||||
| CVE-2002-0638 | 3 Hp, Mandrakesoft, Redhat | 5 Secure Os, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2025-04-03 | 6.2 MEDIUM | N/A |
|
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
|
|||||
| CVE-2000-0057 | 1 Allaire | 1 Coldfusion Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.
|
|||||
| CVE-2000-1007 | 1 Symantec | 1 I-gear | 2025-04-03 | 5.0 MEDIUM | N/A |
|
I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors.
|
|||||
| CVE-2000-0098 | 1 Microsoft | 1 Index Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.
|
|||||
| CVE-2003-0285 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail.
|
|||||
| CVE-1999-0670 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.
|
|||||
| CVE-2005-0219 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php.
|
|||||
| CVE-1999-0376 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
|
|||||
| CVE-2006-1342 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
|
|||||
| CVE-1999-0474 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.
|
|||||
| CVE-2006-3857 | 1 Ibm | 1 Informix Dynamic Database Server | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).
|
|||||
| CVE-2005-0792 | 1 Zpanel | 1 Zpanel | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php.
|
|||||
| CVE-2006-2683 | 1 Open-medium | 1 Open-medium Cms | 2025-04-03 | 6.4 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter.
|
|||||
| CVE-2006-4621 | 1 Bare Concept Media | 1 Pheap Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The lib/config.php vector is already covered by CVE-2006-4531.
|
|||||
| CVE-2006-1314 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
|
|||||
| CVE-2006-2495 | 1 S9y | 1 Serendipity | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.
|
|||||
| CVE-2001-1217 | 1 Oracle | 1 Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
|
|||||
| CVE-2006-1905 | 1 Xine | 1 Xine | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
|
|||||
| CVE-2004-0496 | 5 Gentoo, Linux, Mandrakesoft and 2 more | 13 Linux, Linux Kernel, Mandrake Linux and 10 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
|
|||||
| CVE-2005-2402 | 1 Phpsitesearch | 1 Phpsitesearch | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearch 1.7.7d allows remote attackers to inject arbitrary web script or HTML via the query parameter.
|
|||||
| CVE-2001-0139 | 5 Caldera, Debian, Immunix and 2 more | 7 Openlinux Desktop, Openlinux Edesktop, Openlinux Eserver and 4 more | 2025-04-03 | 1.2 LOW | N/A |
|
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
|
|||||
| CVE-2005-4427 | 1 Cerberus | 1 Cerberus Helpdesk | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php.
|
|||||
| CVE-2006-1080 | 1 Game-panel | 1 Game-panel | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded value.
|
|||||
| CVE-2005-3694 | 1 Centericq | 1 Centericq | 2025-04-03 | 7.8 HIGH | N/A |
|
centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.
|
|||||
| CVE-2004-0059 | 1 Lionmax Software | 1 Www File Share Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header.
|
|||||
| CVE-2005-1370 | 1 Hp | 1 Openview Radia Management Portal | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors.
|
|||||
| CVE-2005-1491 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to (1) move their home directory via viewaction.html or (2) move arbitrary files via the importfile parameter to importaction.html.
|
|||||
| CVE-2005-3100 | 1 Astaro | 1 Security Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service.
|
|||||
| CVE-2005-4088 | 1 W2b | 1 Phpforumpro | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) parent and (2) day parameters.
|
|||||