Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2001-1557 | 1 Ibm | 1 Aix | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges. |
| CVE-2005-1502 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php. |
| CVE-2001-1260 | 1 Avaya | 1 Argent Office | 2025-04-03 | 10.0 HIGH | N/A | Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the passwords during a system reboot. |
| CVE-1999-1116 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. |
| CVE-2003-0749 | 1 Sap | 1 Internet Transaction Server | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter. |
| CVE-1999-0225 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. |
| CVE-2001-1047 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 1.2 LOW | N/A | Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. |
| CVE-2004-1372 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 7.2 HIGH | N/A | Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure. |
| CVE-2000-0416 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A | NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server. |
| CVE-2003-0176 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A | The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan. |
| CVE-2006-3105 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php. |
| CVE-2004-1310 | 1 Mplayer | 1 Mplayer | 2025-04-03 | 10.0 HIGH | N/A | Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a large MMST stream packet. |
| CVE-2004-2418 | 1 Whitsoft Development | 1 Slimftpd | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long command, such as (1) CWD, (2) STOR, (3) MKD, and (4) STAT. |
| CVE-2006-0536 | 1 Neomail | 1 Neomail | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is "date," but the demonstration URL shows that it is "sort". |
| CVE-2004-1552 | 1 Full Revolution | 1 Aspwebcalendar | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp. |
| CVE-2005-1960 | 1 C.j. Steele | 1 Tattle | 2025-04-03 | 7.5 HIGH | N/A | The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username. |
| CVE-2000-1124 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables. |
| CVE-1999-0219 | 1 Cat Soft | 1 Serv-u | 2025-04-03 | 7.8 HIGH | N/A | Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command. |
| CVE-2003-0656 | 1 Eroaster | 1 Eroaster | 2025-04-03 | 2.1 LOW | N/A | eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile. |
| CVE-2001-0048 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.2 HIGH | N/A | The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability. |
| CVE-2005-3066 | 1 Scriptsolutions | 1 Perldiver | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver 1.x allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged. |
| CVE-1999-1019 | 1 Cabletron | 1 Spectrum Enterprise Manager | 2025-04-03 | 7.2 HIGH | N/A | SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise. |
| CVE-1999-0640 | | | 2025-04-03 | 10.0 HIGH | N/A | The Gopher service is running. |
| CVE-2004-0841 | 2 Avaya, Microsoft | 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A | Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." |
| CVE-2005-4759 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A | BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages. |
| CVE-2005-0809 | 1 Notify Technology | 1 Notifylink | 2025-04-03 | 7.5 HIGH | N/A | NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack. |
| CVE-2005-2857 | 1 Softstack | 1 Free Smtp Server | 2025-04-03 | 7.5 HIGH | N/A | Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy). |
| CVE-2006-1437 | 1 Upoint | 1 At1 Event Publisher | 2025-04-03 | 5.0 MEDIUM | N/A | UPOINT @1 Event Publisher stores sensitive information under the web document root with insufficient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt. |
| CVE-2005-0377 | 1 Sergey Kiselev | 1 Sgallery | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in imageview.php for SGallery 1.01 allows remote attackers to execute arbitrary SQL commands via the (1) idalbum or (2) idimage parameters. |
| CVE-2001-0176 | 1 Voyant Technologies | 1 Sonata | 2025-04-03 | 7.2 HIGH | N/A | The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges. |
| CVE-2003-0063 | 1 Xfree86 Project | 1 X11r6 | 2025-04-03 | 7.5 HIGH | 7.3 HIGH | The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. |
| CVE-2005-1473 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A | SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field. |
| CVE-2005-4429 | 1 Cs-cart | 1 Cs-cart | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php. |
| CVE-2002-1757 | 1 Phprojekt | 1 Phprojekt | 2025-04-03 | 7.5 HIGH | N/A | PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms". |
| CVE-2004-0971 | 1 Mit | 1 Kerberos 5 | 2025-04-03 | 2.1 LOW | N/A | The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. |
| CVE-2002-1583 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument. |
| CVE-2003-1192 | 1 Truenorth Software | 1 Ia Webmail Server | 2025-04-03 | 10.0 HIGH | N/A | Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request. |
| CVE-2005-0049 | 1 Microsoft | 2 Sharepoint Portal Server, Sharepoint Team Services | 2025-04-03 | 4.3 MEDIUM | N/A | Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 do not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache. |
| CVE-2002-0829 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A | Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system. |
| CVE-2006-1837 | 1 Clanscripte.net | 1 Fuju News | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |