Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2747 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.
|
|||||
| CVE-2006-2121 | 1 I-rater | 1 I-rater Platinum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.
|
|||||
| CVE-2005-0653 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 4.6 MEDIUM | N/A |
|
phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.
|
|||||
| CVE-2006-4349 | 1 Toenda Software Development | 1 Toendacms | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed by a third party, who states that $tcms_administer_site is initialized to a constant value within index.php
|
|||||
| CVE-2005-1386 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portugues ...
Show More |
|||||
| CVE-2004-0806 | 1 Cdrtools | 1 Cdrecord | 2025-04-03 | 7.2 HIGH | N/A |
|
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
|
|||||
| CVE-2006-2302 | 1 Duware | 1 Dugallery | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin_default.asp in DUGallery 2.x allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password field.
|
|||||
| CVE-1999-0087 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.
|
|||||
| CVE-2006-3287 | 1 Cisco | 1 Wireless Control System | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391).
|
|||||
| CVE-1999-0593 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 4.9 MEDIUM | N/A |
|
The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.
|
|||||
| CVE-1999-0791 | 1 Hybrid Network | 2 Cable Modem, Hsmp | 2025-04-03 | 10.0 HIGH | N/A |
|
Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol.
|
|||||
| CVE-1999-0588 | 2025-04-03 | 7.5 HIGH | N/A | ||
|
A filter in a router or firewall allows unusual fragmented packets.
|
|||||
| CVE-2001-0359 | 2 Sierra, Valve Software | 2 Half-life, Half-life Dedicated Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in Sierra Half-Life build 1573 and earlier allows a remote attacker to execute arbitrary code via the map command.
|
|||||
| CVE-2002-1020 | 1 Adobe | 1 Adobe Content Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook even when the maximum number of loans is exceeded by accessing the "Add to bookbag" feature when the server reports that no more copies are available.
|
|||||
| CVE-2006-2810 | 1 Belchior Foundry | 1 Vcard | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230.
|
|||||
| CVE-1999-0025 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
root privileges via buffer overflow in df command on SGI IRIX systems.
|
|||||
| CVE-2004-1269 | 2 Easy Software Products, Redhat | 2 Cups, Fedora Core | 2025-04-03 | 5.0 MEDIUM | N/A |
|
lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.
|
|||||
| CVE-1999-0773 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Solaris lpset program allows local users to gain root access.
|
|||||
| CVE-2001-1576 | 1 Caldera | 1 Unixware | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument.
|
|||||
| CVE-2002-0849 | 1 Cisco | 1 Iscsi Driver | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password.
|
|||||
| CVE-2004-2091 | 1 Microsoft | 1 Baseline Security Analyzer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security.
|
|||||
| CVE-2002-2199 | 1 Freebsd | 1 Advanced Intrusion Detection Environment | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The default aide.conf file in Advanced Intrusion Detection Environment (AIDE) before 0.7_1 on FreeBSD before 2002-08-28 does not properly check subdirectories, which could allow local users to bypass detection.
|
|||||
| CVE-1999-0278 | 1 Microsoft | 2 Internet Information Server, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
|
|||||
| CVE-2002-0989 | 1 Rob Flynn | 1 Gaim | 2025-04-03 | 7.5 HIGH | N/A |
|
The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.
|
|||||
| CVE-2005-3206 | 1 Oracle | 1 Database Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.
|
|||||
| CVE-2003-1304 | 1 Early Impact | 1 Productcart | 2025-04-03 | 5.0 MEDIUM | N/A |
|
EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request.
|
|||||
| CVE-2006-3263 | 1 Mambo | 1 Mambo | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2005-2920 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.
|
|||||
| CVE-2006-1940 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector.
|
|||||
| CVE-1999-0031 | 2 Microsoft, Netscape | 2 Internet Explorer, Communicator | 2025-04-03 | 2.6 LOW | N/A |
|
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
|
|||||
| CVE-2002-0657 | 1 Openssl | 1 Openssl | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.
|
|||||
| CVE-2005-4559 | 3 Deerfield, Icewarp, Merak | 3 Visnetic Mail Server, Web Mail, Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows remote attackers to access arbitrary files via a request with an unrecognized User Agent that also specifies the desired default_layout and layout_settings parameters.
|
|||||
| CVE-2001-1072 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
|
|||||
| CVE-2003-0746 | 1 Hp | 1 Openview | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Various Distributed Computing Environment (DCE) implementations, including HP OpenView, allow remote attackers to cause a denial of service (process hang or termination) via certain malformed inputs, as triggered by attempted exploits against the vulnerabilities CVE-2003-0352 or CVE-2003-0605, such as the Blaster/MSblast/LovSAN worm.
|
|||||
| CVE-2006-4258 | 1 John Hanna | 1 Anti-spam Smtp Proxy Server | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, and possibly other types of paths in the file parameter.
|
|||||
| CVE-2005-4051 | 1 E107 | 1 E107 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php.
|
|||||
| CVE-2006-3244 | 1 Anthill | 1 Anthill | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in query.php.
|
|||||
| CVE-2002-1585 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.
|
|||||
| CVE-2005-2791 | 1 Bfcommand And Control Software | 2 Bfcc, Bfvcc | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to cause a denial of service (refused new connections) via a series of connections and disconnections without sending the login command.
|
|||||
| CVE-2003-0742 | 1 Sco | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A |
|
SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious "hostname" program.
|
|||||