Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0870 | 1 Kde | 1 Konqueror | 2025-04-03 | 5.0 MEDIUM | N/A |
|
KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
|
|||||
| CVE-2005-1620 | 1 Soren Boysen | 1 Skull-splitter Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1.0, 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.
|
|||||
| CVE-2003-0155 | 1 Mozilla | 1 Bonsai | 2025-04-03 | 5.0 MEDIUM | N/A |
|
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.
|
|||||
| CVE-2001-0982 | 1 Ibm | 1 Tivoli Secureway Policy Director | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings.
|
|||||
| CVE-2005-1112 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.
|
|||||
| CVE-2005-4734 | 1 Rsa | 1 Authentication Agent For Web | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
|
|||||
| CVE-2005-3279 | 1 Jan Kybic | 1 Bitmap Viewer | 2025-04-03 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option.
|
|||||
| CVE-2006-2743 | 1 Drupal | 1 Drupal | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
|
|||||
| CVE-2004-2193 | 1 Cjoverkill | 1 Cjoverkill | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) tms[0] or (2) url parameters.
|
|||||
| CVE-2005-4413 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1.
|
|||||
| CVE-2004-1774 | 1 Oracle | 2 Application Server, Oracle10g | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
|
|||||
| CVE-2000-1031 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option.
|
|||||
| CVE-2006-2242 | 1 Acftp | 1 Acftp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command.
|
|||||
| CVE-2001-1223 | 1 Elsa | 1 Lancom 1100 Office | 2025-04-03 | 10.0 HIGH | N/A |
|
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
|
|||||
| CVE-2005-1118 | 1 Rsa | 1 Authentication Agent For Web | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter.
|
|||||
| CVE-2002-0603 | 1 Snapgear | 1 Snapgear Lite+ Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port 500.
|
|||||
| CVE-2006-1201 | 1 Eschew.net | 1 Phpbannerexchange | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. (dot dot) in the email parameter during a "Recover password" operation (recoverpw.php).
|
|||||
| CVE-2002-1545 | 1 Cooolsoft | 1 Personal Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response.
|
|||||
| CVE-2006-0805 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
|
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.
|
|||||
| CVE-1999-0539 | | | 2025-04-03 | 10.0 HIGH | N/A |
|
A trust relationship exists between two Unix hosts.
|
|||||
| CVE-2004-1032 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2025-04-03 | 2.1 LOW | N/A |
|
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string.
|
|||||
| CVE-2002-1892 | 1 Netgear | 1 Fvs318 | 2025-04-03 | 2.1 LOW | N/A |
|
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.
|
|||||
| CVE-2002-0554 | 1 Ibm | 1 Informix Web Datablade | 2025-04-03 | 7.5 HIGH | N/A |
|
webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request.
|
|||||
| CVE-2005-0800 | 1 Mcnews | 1 Mcnews | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720.
|
|||||
| CVE-2006-0731 | 1 Sap | 1 Business Connector | 2025-04-03 | 4.0 MEDIUM | N/A |
|
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.
|
|||||
| CVE-2005-1297 | 1 Include.cgi | 1 Include.cgi | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
|
|||||
| CVE-2006-2468 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.0 MEDIUM | N/A |
|
The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2003-0314 | 1 Snowblind.net | 1 Snowblind Web Server | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a "</" sequence.
|
|||||
| CVE-2006-1078 | 1 Acme Labs | 1 Thttpd | 2025-04-03 | 7.2 HIGH | 8.4 HIGH |
|
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or ...
|
|||||
| CVE-2001-1207 | 1 Daydream | 1 Daydream Bbs | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA.
|
|||||
| CVE-2005-1677 | 1 Groove | 2 Groove Workspace, Virtual Office | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allows remote attackers to bypass restrictions on COM objects.
|
|||||
| CVE-2005-1116 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php.
|
|||||
| CVE-2001-0086 | 1 Cgi Script Center | 1 Subscribe Me Lite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter.
|
|||||
| CVE-2006-3257 | 1 Claroline | 1 Claroline | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php.
|
|||||
| CVE-1999-0505 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
|
A Windows NT domain user or administrator account has a guessable password.
|
|||||
| CVE-1999-1210 | 1 Digital | 1 Unix | 2025-04-03 | 7.2 HIGH | N/A |
|
xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access.
|
|||||
| CVE-2004-0652 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.2 HIGH | N/A |
|
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allow attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
|
|||||
| CVE-2001-1078 | 1 Extremail | 1 Extremail | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
|
|||||
| CVE-2001-0348 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
|
|||||
| CVE-2006-1298 | 1 Symantec Veritas | 1 Backup Exec | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. 5629, Backup Exec 10.0 for Windows Servers rev. 5520, Backup Exec 10.0 for Windows Servers rev. 5484, and Backup Exec 9.1 for Windows Servers rev. 4691, when the job log mode is Full Detailed (aka Full Details), allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted filename on a machine that i ...
|
|||||