Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1805 | 1 Epic Games | 1 Unreal Engine | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in class names.
|
|||||
| CVE-2005-4763 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
|
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions.
|
|||||
| CVE-2006-2650 | 1 Cosmicphp | 1 Cosmicshoppingcart | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter.
|
|||||
| CVE-2005-4719 | 1 Sysbotz | 1 Systems Panel | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php.
|
|||||
| CVE-2003-0350 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
|
|||||
| CVE-2005-4798 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client.
|
|||||
| CVE-2003-1009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.
|
|||||
| CVE-2002-0300 | 1 Gnujsp | 1 Gnujsp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.
|
|||||
| CVE-2006-0576 | 1 Maynard Johnson | 1 Oprofile | 2025-04-03 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.
|
|||||
| CVE-2005-2063 | 1 Active Web Softwares | 1 Activebuyandsell | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to sendpassword.asp or (2) Keyword field in search.asp.
|
|||||
| CVE-2001-1017 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
|
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.
|
|||||
| CVE-2000-1142 | 1 Recourse Technologies | 1 Mantrap | 2025-04-03 | 2.1 LOW | N/A |
|
Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.
|
|||||
| CVE-2003-0467 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error.
|
|||||
| CVE-2005-2899 | 1 Cj Design | 1 Cj Tag Board | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in details.php in CjTagBoard 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date, (2) time, (3) name, (4) ip, (5) agent, or (6) msg parameter.
|
|||||
| CVE-2004-0842 | 2 Avaya, Microsoft | 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
|
|||||
| CVE-2005-2977 | 1 Pam | 1 Pam | 2025-04-03 | 2.1 LOW | N/A |
|
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
|
|||||
| CVE-2005-1747 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obt ...
Show More |
|||||
| CVE-2006-2308 | 1 Etype | 1 Eserv | 2025-04-03 | 5.5 MEDIUM | N/A |
|
Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.
|
|||||
| CVE-2001-0021 | 1 Endymion | 1 Mailman Webmail | 2025-04-03 | 10.0 HIGH | N/A |
|
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
|
|||||
| CVE-2004-2228 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.2 HIGH | N/A |
|
Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges.
|
|||||
| CVE-2005-0886 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request.
|
|||||
| CVE-2001-0215 | 1 Martin Hamilton | 1 Roads | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte.
|
|||||
| CVE-1999-0675 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.
|
|||||
| CVE-2004-0882 | 4 Conectiva, Redhat, Samba and 1 more | 7 Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
|
|||||
| CVE-2004-1728 | 1 British National Corpus | 1 Sara | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in British National Corpus SARA (sarad) allows remote attackers to execute arbitrary code by calling the client with a long string.
|
|||||
| CVE-2004-1207 | 1 Serioussam | 1 Seriousengine | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro family, and (3) Serious Sam Second Encounter 1.07 allows remote attackers to cause a denial of service (server crash) via a large number of UDP join requests that exceeds the maximum player limit, as originally reported for Alpha Black Zero.
|
|||||
| CVE-2006-2583 | 1 Nucleus Group | 1 Nucleus Cms | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter.
|
|||||
| CVE-2000-0457 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
|
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
|
|||||
| CVE-2005-2091 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
|
|||||
| CVE-2003-0659 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
|
|||||
| CVE-1999-0310 | 1 Ssh | 1 Ssh | 2025-04-03 | 7.5 HIGH | N/A |
|
SSH 1.2.25 on HP-UX allows access to new user accounts.
|
|||||
| CVE-2006-0100 | 1 Nicosw | 1 Nicoftp | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local users to execute arbitrary code via a long string in the "Name of site" field of an FTP account. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to create or modify FTP accounts in this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.
|
|||||
| CVE-2001-0556 | 1 Nedit | 1 Nedit | 2025-04-03 | 7.2 HIGH | N/A |
|
The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.
|
|||||
| CVE-2000-1214 | 3 Immunix, Iputils, Redhat | 3 Immunix, Iputils, Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.
|
|||||
| CVE-2001-0284 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.
|
|||||
| CVE-2004-0289 | 1 Paul L Daniels | 1 Signaturedb | 2025-04-03 | 2.1 LOW | N/A |
|
Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter.
|
|||||
| CVE-2002-0358 | 1 Sgi | 1 Mediamail | 2025-04-03 | 4.6 MEDIUM | N/A |
|
MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows local users to force the program to dump core via certain arguments, which could allow the users to read sensitive data or gain privileges.
|
|||||
| CVE-2005-4350 | 1 Sun | 1 Wbem Services | 2025-04-03 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors.
|
|||||
| CVE-2004-1077 | 1 Citrix | 2 Metaframe Client, Program Neighborhood Agent | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive.
|
|||||
| CVE-2002-0626 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.
|
|||||