Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0292 | 1 Inktomi | 1 Inktomi Traffic-server | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS.
|
|||||
| CVE-2005-3229 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
|
|||||
| CVE-2004-1285 | 1 Mplayer | 1 Mplayer | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the get_header function in asf_mmst_streaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream.
|
|||||
| CVE-2004-2633 | 1 Arjohn Kampman | 1 Sesame Rdf Container | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors.
|
|||||
| CVE-2004-0009 | 1 Apache-ssl | 1 Apache-ssl | 2025-04-03 | 7.5 HIGH | N/A |
|
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
|
|||||
| CVE-2004-1106 | 2 Gallery Project, Gentoo | 2 Gallery, Linux | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
|
|||||
| CVE-2001-0764 | 1 Juergen Schoenwaelder | 1 Scotty | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument.
|
|||||
| CVE-1999-1100 | 1 Cisco | 1 Pix Private Link | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.
|
|||||
| CVE-2006-1829 | 1 Sybase | 1 Easerver | 2025-04-03 | 4.0 MEDIUM | N/A |
|
EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles.
|
|||||
| CVE-2005-0298 | 1 Oracle | 1 Database Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information.
|
|||||
| CVE-2000-0271 | 1 Gnu | 1 Emacs | 2025-04-03 | 4.6 MEDIUM | N/A |
|
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
|
|||||
| CVE-2004-0598 | 1 Greg Roelofs | 1 Libpng | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
|
|||||
| CVE-2001-1120 | 1 Allaire | 1 Coldfusion Server | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
|
|||||
| CVE-2006-1623 | 1 Andries Bruinsma | 1 Flexible Development | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specific vulnerability type. In addition, there is little public information on the named product. Finally, an XSS vector is implied in the subject line, but because there is no other information and evide ...
Show More |
|||||
| CVE-2005-2858 | 1 Rediff | 1 Bol | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol 7.0 allows remote attackers to read the Windows Address Book via the FullAddressBook method.
|
|||||
| CVE-2005-2996 | 1 Symantec Veritas | 2 Storage Exec, Storagecentral | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple heap-based and stack-based buffer overflows in certain DCOM server components in VERITAS Storage Exec Storage Exec 5.3 before Hotfix 9 and StorageCentral 5.2 before Hot Fix 2 allow remote attackers to execute arbitrary code via certain ActiveX controls.
|
|||||
| CVE-2002-0247 | 1 Wliang | 1 Wmtv | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges.
|
|||||
| CVE-2002-0843 | 2 Apache, Oracle | 4 Http Server, Application Server, Database Server and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
|
|||||
| CVE-2005-2219 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.
|
|||||
| CVE-2001-0236 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.
|
|||||
| CVE-2005-4221 | 1 Arab Portal | 1 Arab Portal | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 allows remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID (session ID) or (2) REQUEST_URI (query string).
|
|||||
| CVE-2002-1149 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
|
|||||
| CVE-2005-3198 | 1 Webroot Software | 1 Desktop Firewall | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands.
|
|||||
| CVE-2005-3246 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, or (3) RTnet dissectors.
|
|||||
| CVE-2006-4076 | 1 Wim Fleischhauer | 1 Docpile We | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php or (4) lib/templates.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-1999-1318 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.
|
|||||
| CVE-2002-1045 | 1 Ultrafunk | 1 Popcorn | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Date field that is converted into a year greater than 2037.
|
|||||
| CVE-2004-0797 | 1 Zlib | 1 Zlib | 2025-04-03 | 2.1 LOW | N/A |
|
The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).
|
|||||
| CVE-2002-2118 | 1 Blue World Communications | 1 Lasso Web Data Engine | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL.
|
|||||
| CVE-2005-4686 | 1 Punbb | 1 Punbb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information.
|
|||||
| CVE-2001-0809 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A |
|
Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.
|
|||||
| CVE-2005-1746 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies.
|
|||||
| CVE-2006-1862 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A |
|
The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.
|
|||||
| CVE-2002-1881 | 1 Macromedia | 1 Flash Player | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers.
|
|||||
| CVE-2005-4725 | 1 Geeklog | 1 Geeklog | 2025-04-03 | 7.5 HIGH | N/A |
|
Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID.
|
|||||
| CVE-2005-2416 | 1 Astalavista It Engineering | 1 Contrexx | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) term parameter to the search module or (2) title in the blog aggregation module.
|
|||||
| CVE-2006-3597 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.
|
|||||
| CVE-2000-0757 | 1 Aptis Software | 1 Totalbill | 2025-04-03 | 10.0 HIGH | N/A |
|
The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed.
|
|||||
| CVE-2002-1871 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.
|
|||||
| CVE-2003-0322 | 1 Colten Edwards | 1 Bitchx | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash).
|
|||||