Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4211 | 1 B0zz And Chris Vincent | 1 Owl Intranet Engine | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2002-0469 | 2 Ecartis, Listar | 2 Ecartis, Listar | 2025-04-03 | 7.2 HIGH | N/A |
|
Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTAs, which could allow local users to gain privileges.
|
|||||
| CVE-2005-2220 | 1 Incredible Interactive | 1 Dragonfly Commerce | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in t ...
|
|||||
| CVE-2003-0587 | 1 Infopop | 1 Ultimate Bulletin Board | 2025-04-03 | 6.9 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie.
|
|||||
| CVE-2006-2462 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic.
|
|||||
| CVE-1999-1413 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg.
|
|||||
| CVE-2006-4749 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE- ...
|
|||||
| CVE-2005-1001 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message.
|
|||||
| CVE-2001-0559 | 1 Paul Vixie | 1 Vixie Cron | 2025-04-03 | 7.2 HIGH | N/A |
|
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
|
|||||
| CVE-2005-0080 | 2 Gnu, Ubuntu | 2 Mailman, Ubuntu Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.
|
|||||
| CVE-2005-3564 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.
|
|||||
| CVE-2004-1018 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the ...
|
|||||
| CVE-2005-1337 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scripts with less restrictive privileges via a help:// URI.
|
|||||
| CVE-1999-0269 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netscape Enterprise servers may list files through the PageServices query.
|
|||||
| CVE-2003-1183 | 1 Oracle | 1 Oracle Files | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access.
|
|||||
| CVE-2000-0450 | 1 Sean Macguire | 1 Big Brother | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in bbd server in Big Brother System and Network Monitor allows an attacker to execute arbitrary commands.
|
|||||
| CVE-2003-0433 | 1 Gnocatan-develop | 1 Gnocatan | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code.
|
|||||
| CVE-1999-0478 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.
|
|||||
| CVE-2006-0142 | 1 Andromeda Software | 1 Andromeda | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-1999-1579 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine.
|
|||||
| CVE-2006-2659 | 1 Double Precision Incorporated | 1 Courier Mta | 2025-04-03 | 7.8 HIGH | N/A |
|
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
|
|||||
| CVE-2005-3356 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors.
|
|||||
| CVE-2006-2869 | 1 Alwil | 1 Avast Antivirus | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors.
|
|||||
| CVE-1999-1397 | 1 Microsoft | 1 Index Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allow local and remote users to obtain the physical paths of directories that are being indexed.
|
|||||
| CVE-2004-0006 | 2 Rob Flynn, Ultramagnetic | 2 Gaim, Ultramagnetic | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
|
|||||
| CVE-2003-0039 | 1 Isc | 1 Dhcpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.
|
|||||
| CVE-2002-2083 | 1 Novell | 1 Netware | 2025-04-03 | 2.1 LOW | N/A |
|
The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.
|
|||||
| CVE-2006-3371 | 1 Eupla | 1 Foros | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
|
|||||
| CVE-2006-2536 | 1 Greg Donald | 1 Destiney Links Script | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields.
|
|||||
| CVE-2005-2704 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allow remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
|
|||||
| CVE-2005-1465 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (long loop).
|
|||||
| CVE-2005-3360 | 1 Trend Micro | 1 Pc-cillin 2005 | 2025-04-03 | 7.2 HIGH | N/A |
|
The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which allows local users to cause a denial of service (disabled service) and gain system privileges by modifying or moving critical program files.
|
|||||
| CVE-2001-0701 | 1 Sun | 1 Sunvts | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument.
|
|||||
| CVE-2002-1519 | 2 Rapidstream, Watchguard | 2 Rapidstream, Firebox | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.
|
|||||
| CVE-2006-1120 | 1 Codeworx Technologies | 1 Dcp-portal | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.p ...
|
|||||
| CVE-2005-3143 | 1 4d | 1 Webstar | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2.
|
|||||
| CVE-2002-0018 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
|
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
|
|||||
| CVE-2003-0181 | 1 Ibm | 1 Lotus Domino Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name.
|
|||||
| CVE-2006-3419 | 1 Tor | 1 Tor | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.
|
|||||
| CVE-2003-1263 | 1 Brown Bear Software | 1 Ical | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name.
|
|||||