Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1211 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.
|
|||||
| CVE-2005-1802 | 1 Nortel | 9 Contivity, Vpn Router 1010, Vpn Router 1050 and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.
|
|||||
| CVE-2005-1971 | 1 Interactivephp | 1 Fusionbb | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the language parameter.
|
|||||
| CVE-2005-3742 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter.
|
|||||
| CVE-2001-0072 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
|
|||||
| CVE-2000-1159 | 1 Network Associates | 1 Sniffer Agent | 2025-04-03 | 7.5 HIGH | N/A |
|
NAI Sniffer Agent allows remote attackers to gain privileges on the agent by sniffing the initial UDP authentication packets and spoofing commands.
|
|||||
| CVE-2005-2152 | 1 Geeklog | 1 Geeklog | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article.
|
|||||
| CVE-2002-1265 | 3 Apple, Gnu, Sgi | 4 Mac Os X, Mac Os X Server, Glibc and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
|
|||||
| CVE-2005-2321 | 1 Calogic | 1 Calogic | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote attackers to execute arbitrary code via the CLPATH parameter to (1) cl_minical.php, (2) clmcpreload.php, (3) mcconfig.php, or (4) mcpi-demo.php.
|
|||||
| CVE-2002-0282 | 1 Codeworx Technologies | 1 Dcp-portal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message.
|
|||||
| CVE-2004-1887 | 1 Ada | 1 Imgsvr | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ada Image Server (ImgSvr) 0.4 allows remote attackers to view directories or download files via an HTTP request with a trailing %00 (null).
|
|||||
| CVE-2006-4246 | 1 Usermin | 1 Usermin | 2025-04-03 | 3.6 LOW | N/A |
|
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
|
|||||
| CVE-2004-2590 | 1 Meindlsoft | 1 Cute Php Library | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions.
|
|||||
| CVE-2003-1437 | 6 Bea, Hp, Ibm and 3 more | 8 Weblogic Server, Hp-ux, Aix and 5 more | 2025-04-03 | 2.1 LOW | N/A |
|
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
|
|||||
| CVE-2005-2615 | 1 Eqdkp | 1 Eqdkp | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id.
|
|||||
| CVE-2005-1854 | 1 Debian | 1 Apt-cacher | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server.
|
|||||
| CVE-2006-2104 | 1 Kmail | 1 Kmail | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php.
|
|||||
| CVE-2005-1387 | 1 Kristofer Szymanski | 1 Cocktail | 2025-04-03 | 7.2 HIGH | N/A |
|
Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes.
|
|||||
| CVE-2001-0644 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server.
|
|||||
| CVE-2005-4012 | 1 Php Web | 1 Statistik | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php.
|
|||||
| CVE-2006-4717 | 1 Drupal | 1 Drupal Pubcookie Module | 2025-04-03 | 7.5 HIGH | N/A |
|
The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors.
|
|||||
| CVE-2001-0134 | 2 Compaq, Digital | 15 Armada Insight Manager, Enterprise Volume Manager-command Scripter, Foundation Agents and 12 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.
|
|||||
| CVE-2005-0342 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.
|
|||||
| CVE-2001-1161 | 1 Lotus | 1 Domino R5 Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.
|
|||||
| CVE-2004-0039 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.
|
|||||
| CVE-2005-4393 | 1 E-publish | 1 E-publish | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters.
|
|||||
| CVE-2002-0565 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
|
|||||
| CVE-2004-0430 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.
|
|||||
| CVE-2005-1561 | 1 Maxwebportal | 1 Maxwebportal | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in post.asp in MaxWebPortal 1.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mod, (2) M, or (3) type parameter.
|
|||||
| CVE-2003-1195 | 1 Vienuke | 1 Vieboard | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable.
|
|||||
| CVE-2006-0648 | 1 Php Icalendar | 1 Php Icalendar | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.
|
|||||
| CVE-2005-4577 | 1 Hitachi | 1 Business Logic | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form.
|
|||||
| CVE-2004-0219 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.
|
|||||
| CVE-2002-0606 | 1 3com | 1 3cdaemon | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login.
|
|||||
| CVE-2004-0372 | 1 Xine | 1 Xine | 2025-04-03 | 2.1 LOW | N/A |
|
xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.
|
|||||
| CVE-2005-0072 | 1 Ejoy And Hu Yong | 1 Zhcon | 2025-04-03 | 2.1 LOW | N/A |
|
zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.
|
|||||
| CVE-2001-0695 | 1 Texas Imperial Software | 1 Wftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\).
|
|||||
| CVE-2004-0191 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
|
|||||
| CVE-2006-1649 | 1 Eset Software | 1 Nod32 Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
|
The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions.
|
|||||
| CVE-2006-3558 | 1 Arif Supriyanto | 1 Auracms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when unauthenticated users visit index.php.
|
|||||