Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0760 | 1 Citrix | 1 Nfuse | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.
|
|||||
| CVE-2003-0518 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
|
|||||
| CVE-2002-1439 | 1 Hp | 2 Virtualvault, Vvos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.
|
|||||
| CVE-2004-0711 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
|
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.
|
|||||
| CVE-2004-0084 | 2 Openbsd, Xfree86 Project | 2 Openbsd, X11r6 | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
|
|||||
| CVE-2005-0979 | 1 Netmanage | 1 Rumba | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in RUMBA 7.3 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted values in a profile file, as demonstrated using a long SysName field.
|
|||||
| CVE-2004-0228 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
|
Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in Linux kernel 2.6 allows local users to gain privileges.
|
|||||
| CVE-2005-0465 | 1 Sgi | 1 Irix | 2025-04-03 | 2.1 LOW | N/A |
|
gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option.
|
|||||
| CVE-2005-1629 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter.
|
|||||
| CVE-1999-0208 | 3 Ibm, Nec, Sgi | 5 Aix, Asl Ux 4800, Ews-ux V and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
|
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
|
|||||
| CVE-2003-0085 | 2 Hp, Samba | 2 Cifs-9000 Server, Samba | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2002-1092 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.
|
|||||
| CVE-2006-3483 | 1 Phpmaillist | 1 Phpmaillist | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHPMailList 1.8.0 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to (1) list.dat or (2) ml_config.dat.
|
|||||
| CVE-2006-2641 | 1 John Frank | 1 Asset Manager | 2025-04-03 | 5.8 MEDIUM | N/A |
|
** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this s ...
|
|||||
| CVE-2006-2116 | 1 Planet Concept | 1 Planetgallery | 2025-04-03 | 7.5 HIGH | N/A |
|
planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php.
|
|||||
| CVE-1999-0517 | 2 Hp, Sun | 2 Hp-ux, Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
An SNMP community name is the default (e.g. public), null, or missing.
|
|||||
| CVE-2003-0419 | 1 Smc Networks | 1 Barricade Wireless Cable Dsl Broadband Router | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface.
|
|||||
| CVE-1999-0495 | | | 2025-04-03 | 10.0 HIGH | N/A |
|
A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares.
|
|||||
| CVE-2003-0804 | 3 Apple, Freebsd, Openbsd | 4 Mac Os X, Mac Os X Server, Freebsd and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
|
|||||
| CVE-2002-0382 | 1 Xchat | 1 Xchat | 2025-04-03 | 7.5 HIGH | N/A |
|
XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters.
|
|||||
| CVE-2002-1692 | 1 Microsoft | 1 Windows 95 | 2025-04-03 | 3.6 LOW | N/A |
|
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.
|
|||||
| CVE-2006-0936 | 1 Free Host Shop | 1 Website Generator | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Free Host Shop Website Generator 3.3 allows remote authenticated users with administrative privileges to upload and execute arbitrary files via a formname parameter with a filename containing a dangerous file extension and a trailing %00.
|
|||||
| CVE-2000-0049 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
|
|||||
| CVE-2004-0683 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cause a denial of service (CPU consumption) via a compressed archive that contains a large number of directories.
|
|||||
| CVE-2004-2174 | 1 Early Impact | 1 Productcart | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter.
|
|||||
| CVE-2005-0301 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2025-04-03 | 7.5 HIGH | N/A |
|
comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program.
|
|||||
| CVE-2004-1181 | 1 Toshiaki Kanosue | 1 Htmlheadline | 2025-04-03 | 4.6 MEDIUM | N/A |
|
htmlheadline before 21.8 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2000-0910 | 1 Horde | 1 Horde | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.
|
|||||
| CVE-2003-0481 | 1 Gero Kohnert | 1 Tutos | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php.
|
|||||
| CVE-1999-0692 | 2 Cray, Sgi | 2 Unicos, Irix | 2025-04-03 | 10.0 HIGH | N/A |
|
The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.
|
|||||
| CVE-2003-0874 | 1 Deskpro | 1 Deskpro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen.
|
|||||
| CVE-2002-0800 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.
|
|||||
| CVE-2002-0069 | 2 Redhat, Squid | 2 Linux, Squid | 2025-04-03 | 2.6 LOW | N/A |
|
Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.
|
|||||
| CVE-2006-0948 | 1 Aol | 1 Aol | 2025-04-03 | 7.2 HIGH | N/A |
|
AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files.
|
|||||
| CVE-2004-0106 | 2 Openbsd, Xfree86 Project | 2 Openbsd, X11r6 | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
|
|||||
| CVE-2006-4975 | 1 Yahoo | 1 Messenger | 2025-04-03 | 2.6 LOW | N/A |
|
Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
|
|||||
| CVE-2006-3252 | 1 Algorithmic Research | 1 Privatewire Gateway | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request.
|
|||||
| CVE-2006-4298 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions.
|
|||||
| CVE-1999-1565 | 2 Debian, Earl Hood | 2 Debian Linux, Man2html | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
|
|||||
| CVE-1999-1167 | 1 Third Voice | 1 Third Voice Web | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.
|
|||||