Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0849 | 1 Microsoft | 1 Windows Media Services | 2025-04-03 | 2.6 LOW | N/A |
|
Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.
|
|||||
| CVE-1999-0897 | 1 Apple | 1 Ichat Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2004-2215 | 1 Marc Lehmann | 1 Rxvt-unicode | 2025-04-03 | 4.6 MEDIUM | N/A |
|
RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges.
|
|||||
| CVE-2003-1280 | 1 Eekim | 1 Cgihtml | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads.
|
|||||
| CVE-2004-1780 | 1 Info Touch | 1 Surfnet | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts.
|
|||||
| CVE-2005-0526 | 1 Pblang | 1 Pblang | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php.
|
|||||
| CVE-2005-4642 | 1 Hydrobb | 1 Hydrobb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) search.php, (2) members.php, (3) stats.php, (4) viewforum.php, (5) register.php, (6) usercp.php, (7) groups.php, (8) pms.php, and (9) calendar.php.
|
|||||
| CVE-2000-0136 | 1 Mcmurtrey Whitaker And Associates | 1 Cart32 | 2025-04-03 | 7.5 HIGH | N/A |
|
The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
|
|||||
| CVE-2001-1067 | 1 Aol | 1 Aol Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
|
|||||
| CVE-2006-4901 | 1 Broadcom | 4 Etrust Audit Client, Etrust Audit Datatools, Etrust Audit Policy Manager and 1 more | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.
|
|||||
| CVE-2006-4773 | 1 Sun | 1 Storedge 6130 Arrays | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN.
|
|||||
| CVE-2006-0656 | 1 Hp | 1 Systems Insight Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006.
|
|||||
| CVE-2006-4226 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 3.6 LOW | N/A |
|
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
|
|||||
| CVE-1999-1422 | 1 Slackware | 1 Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
The default configuration of Slackware 3.4, and possibly other versions, includes . (dot, the current directory) in the PATH environmental variable, which could allow local users to create Trojan horse programs that are inadvertently executed by other users.
|
|||||
| CVE-2006-0566 | 1 Communigate | 1 Communigate Pro Core Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote attackers to cause a denial of service (application crash) via LDAP messages that contain Distinguished Names (DN) fields with a large number of elements.
|
|||||
| CVE-2000-0398 | 1 Rockliffe | 1 Mailsite | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.
|
|||||
| CVE-1999-0451 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.
|
|||||
| CVE-2006-4788 | 1 Telekorn | 1 Signkorn Guestbook | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter.
|
|||||
| CVE-2003-0415 | 1 Access-remote-pc.com | 1 Remote Pc Access | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Remote PC Access Server 2.2 allows remote attackers to cause a denial of service (crash) by receiving packets from the server and sending them back to the server.
|
|||||
| CVE-2006-3607 | 1 Softbiz | 1 Banner Exchange | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b) lostpassword.php, (c) gen_confirm_mem.php, and (d) index.php.
|
|||||
| CVE-2004-1139 | 7 Altlinux, Conectiva, Debian and 4 more | 9 Alt Linux, Linux, Debian Linux and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).
|
|||||
| CVE-2002-0171 | 1 Sgi | 1 Irisconsole | 2025-04-03 | 7.5 HIGH | N/A |
|
IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.
|
|||||
| CVE-2000-0325 | 1 Microsoft | 1 Jet | 2025-04-03 | 7.2 HIGH | N/A |
|
The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability.
|
|||||
| CVE-2005-1099 | 1 Salim Gasmi | 1 Gld | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.
|
|||||
| CVE-2006-2789 | 1 Gnome | 1 Evolution | 2025-04-03 | 2.6 LOW | N/A |
|
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.
|
|||||
| CVE-2001-0169 | 4 Mandrakesoft, Redhat, Trustix and 1 more | 5 Mandrake Linux, Mandrake Linux Corporate Server, Linux and 2 more | 2025-04-03 | 2.1 LOW | N/A |
|
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
|
|||||
| CVE-2004-2272 | 1 Evan Sims | 1 Effingerd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a long finger command.
|
|||||
| CVE-2006-2921 | 1 Cmpro Team | 1 Clan Manager Pro | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters.
|
|||||
| CVE-2002-0978 | 1 Microsoft | 1 File Transfer Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function.
|
|||||
| CVE-2006-3590 | 1 Microsoft | 1 Powerpoint | 2025-04-03 | 5.1 MEDIUM | N/A |
|
mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
|
|||||
| CVE-2006-3055 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote attackers to execute arbitrary SQL commands via the (1) QuranID, (2) ShowByQuranID, or (3) Action parameters to meaning.php.
|
|||||
| CVE-2001-1439 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A |
|
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit.
|
|||||
| CVE-2006-0584 | 1 Peoplesoft | 1 Peopletools | 2025-04-03 | 2.1 LOW | N/A |
|
The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings.
|
|||||
| CVE-2006-1770 | 1 Azerbaijan Development Group | 1 Azdgvote | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group (AZDG) AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter in (1) vote.php, (2) view.php, (3) admin.php, and (4) admin/index.php.
|
|||||
| CVE-2006-3796 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 7.5 HIGH | N/A |
|
DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "space" user.
|
|||||
| CVE-2005-2729 | 1 Astaro | 1 Security Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.
|
|||||
| CVE-1999-1274 | 1 Ipass | 1 Roamserver | 2025-04-03 | 6.4 MEDIUM | N/A |
|
iPass RoamServer 3.1 creates temporary files with world-writable permissions.
|
|||||
| CVE-2005-1069 | 1 Scssboard | 1 Scssboard | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page."
|
|||||
| CVE-2006-4055 | 1 Tsep | 1 Tsep | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.
|
|||||
| CVE-2006-0506 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.
|
|||||