Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-1003 | 1 Netgear | 1 Wgt624 | 2025-04-03 | 5.0 MEDIUM | N/A | The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges. |
| CVE-2000-0451 | 1 Intel | 1 Express 8100 | 2025-04-03 | 5.0 MEDIUM | N/A | The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets. |
| CVE-2001-0190 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0). |
| CVE-2006-3521 | 1 Simian Systems Inc | 1 Siteforge Collaborative Development Platform | 2025-04-03 | 5.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index/siteforge-bugs-action/proj.siteforge in SiteForge Collaborative Development Platform 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) _status, (2) _extra1, (3) _extra2, or (4) _extra3 parameters. |
| CVE-2005-0805 | 1 Subdreamer | 1 Subdreamer Light | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php. |
| CVE-2006-3519 | 1 Native Solutions | 1 The Banner Engine | 2025-04-03 | 5.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin parameter to (b) signup.php. |
| CVE-2002-1105 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 4.6 MEDIUM | N/A | Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. |
| CVE-2006-2367 | 1 Clansys | 1 Clansys | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function. |
| CVE-2006-1920 | 1 Pmtool | 1 Pmtool | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote attackers to execute arbitrary SQL commands via the order parameter in the include files (1) user.inc.php, (2) customer.inc.php, and (3) project.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-1999-1130 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A | Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file. |
| CVE-2000-0922 | 1 Bytes Interactive | 1 Web Shopper | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter. |
| CVE-2002-0814 | 1 Vmware | 1 Gsx Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument. |
| CVE-2003-1225 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A | The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords. |
| CVE-2005-3393 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option. |
| CVE-2004-0851 | 1 Ulrich Callmeier | 1 Net-acct | 2025-04-03 | 2.1 LOW | N/A | The (1) write_list and (2) dump_curr_list functions in Net-Acct before 0.71 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2006-2710 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2025-04-03 | 5.0 MEDIUM | N/A | Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same invariant RSA key for all installations, which allows remote attackers with the key to decrypt communications. |
| CVE-2005-3390 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A | The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. |
| CVE-2001-0646 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A | Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length. |
| CVE-1999-0533 | | | 2025-04-03 | 7.5 HIGH | N/A | A DNS server allows inverse queries. |
| CVE-2006-1327 | 1 Softbb | 1 Softbb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter. |
| CVE-2005-0371 | 1 Armagetron | 2 Armagetron, Armagetron Advanced | 2025-04-03 | 5.0 MEDIUM | N/A | Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data. |
| CVE-2006-3022 | 1 Fipsasp | 1 Fipsgallery | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter. |
| CVE-2006-2606 | 1 Chatty | 1 Chatty | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and other versions, allows remote attackers to inject arbitrary web script or HTML via the username. |
| CVE-2005-3040 | 1 Tac | 1 Vista | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the web interface (ISALogin.dll) for TAC Vista 4.0, and possibly other versions before 4.3, allows remote attackers to read arbitrary files via ".." sequences in the Template parameter. |
| CVE-2004-0371 | 1 Kth | 1 Heimdal | 2025-04-03 | 5.0 MEDIUM | N/A | Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. |
| CVE-2005-2233 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare. |
| CVE-2002-0460 | 1 Bitvise | 1 Winsshd | 2025-04-03 | 5.0 MEDIUM | N/A | Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd. |
| CVE-2006-0198 | 1 Xoops | 1 Xoops Pool Module | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. |
| CVE-2006-3268 | 1 Novell | 1 Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. |
| CVE-2006-3625 | 1 Flv | 1 Flv Player | 2025-04-03 | 5.0 MEDIUM | N/A | FLV Players 8 allows remote attackers to obtain sensitive information via (1) a direct request to paginate.php or (2) an invalid p parameter to player.php, which reveal the path in an error message. |
| CVE-2004-2224 | 1 Appfoundry | 1 Message Foundry | 2025-04-03 | 5.0 MEDIUM | N/A | Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1. |
| CVE-2005-1488 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | 1.9 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html. |
| CVE-2005-0708 | 2 Dragonflybsd, Freebsd | 2 Dragonflybsd, Freebsd | 2025-04-03 | 10.0 HIGH | N/A | The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information. |
| CVE-2005-3424 | 1 Gnu | 1 Gnump3d | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. |
| CVE-2005-1050 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 5.0 MEDIUM | N/A | The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message. |
| CVE-2003-0265 | 1 Sap | 1 Sap Db | 2025-04-03 | 6.2 MEDIUM | N/A | Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed. |
| CVE-1999-1485 | 1 Sgi | 1 Irix | 2025-04-03 | 6.4 MEDIUM | N/A | nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attackers to view files and cause a possible denial of service by mounting the nsd virtual file system. |
| CVE-2006-2926 | 1 Qbik | 1 Wingate | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request. |
| CVE-2005-4412 | 1 Citrix | 1 Program Neighborhood Client | 2025-04-03 | 2.1 LOW | N/A | Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field. |
| CVE-2005-2300 | 1 Skype Technologies | 1 Skype | 2025-04-03 | 2.1 LOW | N/A | Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file. |