Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3788 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-03 | 5.4 MEDIUM | N/A |
|
Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka "failover denial of service."
|
|||||
| CVE-2001-1112 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters.
|
|||||
| CVE-2002-1398 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input."
|
|||||
| CVE-2005-4022 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
|||||
| CVE-2001-0312 | 1 Ibm | 1 Websphere Plugin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing.
|
|||||
| CVE-2006-2010 | 1 Paras Chopra | 1 Bloggage | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in check_login.asp in Bloggage allow remote attackers to execute arbitrary SQL commands via the (1) acc_name and (2) password parameter.
|
|||||
| CVE-2003-0197 | 2 Borland Software, Firebirdsql | 2 Interbase, Firebird | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).
|
|||||
| CVE-2006-2817 | 1 Tekno.portal | 1 Tekno.portal | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-1999-1229 | 1 Id Software | 1 Quake 2 Server | 2025-04-03 | 2.1 LOW | N/A |
|
Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.
|
|||||
| CVE-2006-4987 | 1 Patrick Michaelis | 1 Wili-cms | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to execute arbitrary PHP code via a URL in the globals[content_dir] parameter in (1) example-view/templates/article.php, (2) example-view/templates/root.php, and (3) example-view/templates/dates_list.php.
|
|||||
| CVE-2006-3425 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2025-04-03 | 7.5 HIGH | N/A |
|
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
|
|||||
| CVE-2000-1127 | 1 Hp | 1 Hp-ux | 2025-04-03 | 3.6 LOW | N/A |
|
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.
|
|||||
| CVE-2004-1784 | 1 Webcam Corp | 1 Webcam Watchdog | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request.
|
|||||
| CVE-2006-4118 | 1 Chaossoft | 1 Geheimchaos | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form ...
|
|||||
| CVE-2005-2055 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allow a remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers".
|
|||||
| CVE-2006-4338 | 1 Gzip | 1 Gzip | 2025-04-03 | 5.0 MEDIUM | N/A |
|
unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
|
|||||
| CVE-2006-4908 | 1 Ohio State University | 1 Osu Httpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing an * (asterisk) wildcard, which displays all matching file and directory information.
|
|||||
| CVE-1999-0778 | 1 Xi Graphics | 1 Accelerated-x Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter.
|
|||||
| CVE-2005-0194 | 1 Squid | 1 Squid | 2025-04-03 | 10.0 HIGH | N/A |
|
Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.
|
|||||
| CVE-2000-0103 | 1 Netsmart | 1 Smartcart | 2025-04-03 | 7.5 HIGH | N/A |
|
The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
|
|||||
| CVE-2005-4061 | 1 Xcent | 1 Xcphotoblbum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in PASearch.asp in XcPhotoAlbum 1.x allows remote attackers to inject arbitrary web script or HTML via the search parameters.
|
|||||
| CVE-2002-0555 | 1 Ibm | 1 Informix Web Datablade | 2025-04-03 | 7.5 HIGH | N/A |
|
IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.
|
|||||
| CVE-2006-1398 | 1 Sixal | 1 G-book | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book 1.0 allows remote attackers to inject arbitrary web script or HTML via the g_message parameter.
|
|||||
| CVE-2004-2389 | 1 Jabberstudio | 1 Jabber Gadu-gadu Transport | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service (infinite loop) via user re-registration.
|
|||||
| CVE-2005-2100 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2025-04-03 | 2.1 LOW | N/A |
|
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).
|
|||||
| CVE-2006-4882 | 1 Charon Internet | 1 Charon Cart | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter.
|
|||||
| CVE-2006-3254 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
|
|||||
| CVE-2006-0358 | 1 Powerportal | 1 Powerportal | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.
|
|||||
| CVE-2005-2889 | 1 Checkpoint | 1 Connectra Ngx | 2025-04-03 | 7.5 HIGH | N/A |
|
Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions.
|
|||||
| CVE-2006-3559 | 1 Arif Supriyanto | 1 Auracms | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters.
|
|||||
| CVE-2005-4802 | 1 Flexbackup | 1 Flexbackup | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source referenced an incorrect candidate number; this is the correct number to use.
|
|||||
| CVE-2006-4653 | 2 Amazing Little Picture Poll, Amazing Little Poll | 2 Amazing Little Picture Poll, Amazing Little Poll | 2025-04-03 | 5.0 MEDIUM | N/A |
|
(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).
|
|||||
| CVE-2002-0432 | 1 Citadel | 1 Ux | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server.
|
|||||
| CVE-2005-1034 | 1 Netwin | 1 Surgeftp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
|
|||||
| CVE-2002-0063 | 1 Easy Software Products | 1 Cups | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.
|
|||||
| CVE-2003-1476 | 1 Cerberus | 1 Ftp Server | 2025-04-03 | 2.1 LOW | N/A |
|
Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access.
|
|||||
| CVE-2003-0864 | 1 Ircnet | 1 Ircnet Ircd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service.
|
|||||
| CVE-2006-0804 | 1 Tin | 1 Tin | 2025-04-03 | 7.5 HIGH | N/A |
|
Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow.
|
|||||
| CVE-2006-4417 | 1 Xoops | 1 Xoops | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.
|
|||||
| CVE-2005-3647 | 1 Winability | 1 Folder Guard | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Folder Guard allows local users to bypass protections by running from or installing to the temporary files directory.
|
|||||