Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0294 | 1 Minis | 1 Minis | 2025-04-03 | 5.0 MEDIUM | N/A |
|
minis.php in Minis 0.2.1 allows remote attackers to cause a denial of service (infinite loop) via an HTTP request for a file that the web server does not have permission to read, as demonstrated using the month parameter.
|
|||||
| CVE-2005-1913 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a denial of service (kernel panic) via a non group-leader thread executing a different program than was pending in itimer, which causes the signal to be delivered to the old group-leader task, which does not exist.
|
|||||
| CVE-2004-1612 | 1 Saleslogix Corporation | 1 Saleslogix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.
|
|||||
| CVE-2004-1811 | 1 Hp | 1 Ssl Http Server | 2025-04-03 | 7.5 HIGH | N/A |
|
The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates.
|
|||||
| CVE-2004-0632 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-03 | 7.5 HIGH | N/A |
|
Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow.
|
|||||
| CVE-2004-1455 | 1 Xine | 1 Xine-lib | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.
|
|||||
| CVE-2004-1266 | 1 Jacob Rhoden | 1 Csv2xml | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file.
|
|||||
| CVE-2002-1221 | 3 Freebsd, Isc, Openbsd | 3 Freebsd, Bind, Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
|
|||||
| CVE-2002-0222 | 1 Etype | 1 Eserv | 2025-04-03 | 7.5 HIGH | N/A |
|
Etype Eserv 2.97 allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.
|
|||||
| CVE-2005-0416 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
|
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.
|
|||||
| CVE-2006-0865 | 1 Punbb | 1 Punbb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly.
|
|||||
| CVE-2006-2631 | 1 Phpfox | 1 Phpfox | 2025-04-03 | 4.0 MEDIUM | N/A |
|
phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter.
|
|||||
| CVE-2001-0632 | 1 Sun | 1 Chilisoft | 2025-04-03 | 7.5 HIGH | N/A |
|
Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges.
|
|||||
| CVE-2005-2214 | 1 Debian | 1 Apt-setup | 2025-04-03 | 4.6 MEDIUM | N/A |
|
apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.
|
|||||
| CVE-2006-4488 | 1 Exbb | 1 Exbb Italia | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter.
|
|||||
| CVE-2002-1685 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI.
|
|||||
| CVE-2002-0471 | 1 Phpnettoolpack | 1 Phpnettoolpack | 2025-04-03 | 10.0 HIGH | N/A |
|
PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable.
|
|||||
| CVE-2005-0995 | 1 Early Impact | 1 Productcart | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. NOTE: it has been reported that storelocator_submit.asp does not exist in ProductCart.
|
|||||
| CVE-2006-2061 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.
|
|||||
| CVE-2005-4142 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | 7.5 HIGH | N/A |
|
The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability.
|
|||||
| CVE-2006-4802 | 1 Symantec | 2 Client Security, Norton Antivirus | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.
|
|||||
| CVE-2006-2137 | 1 Openphpnuke | 1 Openphpnuke | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in master.php in OpenPHPNuke and 2.3.3 earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
|
|||||
| CVE-2006-0165 | 1 Plain Black | 1 Webgui | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form.
|
|||||
| CVE-2001-0372 | 1 Akopia | 1 Akopia Interchange | 2025-04-03 | 10.0 HIGH | N/A |
|
Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores (1) barry, (2) basic, or (3) construct.
|
|||||
| CVE-2004-1624 | 1 Altiris | 1 Carbon Copy | 2025-04-03 | 7.2 HIGH | N/A |
|
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
|
|||||
| CVE-2000-0691 | 1 Gert Doering | 1 Mgetty | 2025-04-03 | 2.1 LOW | N/A |
|
The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.
|
|||||
| CVE-2006-4820 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
|
|||||
| CVE-2002-0197 | 1 Psychoid | 1 Psybnc | 2025-04-03 | 7.5 HIGH | N/A |
|
psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.
|
|||||
| CVE-2006-1172 | 1 Tdc | 1 Cryptomathic Cenroll Activex Control | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control 1.1.0.0 allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signature.
|
|||||
| CVE-2002-2103 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
|
|||||
| CVE-2000-0623 | 1 Oreilly | 1 Website Professional | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header.
|
|||||
| CVE-2001-0428 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.
|
|||||
| CVE-2006-1559 | 1 Php | 1 Php Script Index | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-1886 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.46.12 and 8.47.04 has unknown impact and attack vectors, aka Vuln# PSE01.
|
|||||
| CVE-2006-2867 | 1 Coolforum | 1 Coolforum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
|
|||||
| CVE-2004-0936 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2025-04-03 | 7.5 HIGH | N/A |
|
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
|
|||||
| CVE-2003-1285 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).
|
|||||
| CVE-2005-2162 | 1 Levcgi.com | 1 Myguestbook | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter.
|
|||||
| CVE-2004-0755 | 1 Yukihiro Matsumoto | 1 Ruby | 2025-04-03 | 2.1 LOW | N/A |
|
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
|
|||||
| CVE-2006-2075 | 1 Don Moore | 1 Mydns | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to cause a denial of service via a crafted DNS message, aka "Query-of-death," as demonstrated by the OUSPG PROTOS DNS test suite.
|
|||||