Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0679 | 1 Unreal | 1 Unrealircd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly other versions, uses a weak hashing scheme to hide IP addresses, which could allow remote attackers to use brute force methods to gain other user's IP addresses.
|
|||||
| CVE-2006-4190 | 1 Php-nuke | 1 Autohtml Module | 2025-04-03 | 2.1 LOW | N/A |
|
Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation.
|
|||||
| CVE-2004-1918 | 1 Rsniff | 1 Rsniff | 2025-04-03 | 5.0 MEDIUM | N/A |
|
RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly.
|
|||||
| CVE-2000-1131 | 1 Bill Kendrick | 1 Gbook.cgi | 2025-04-03 | 7.5 HIGH | N/A |
|
Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.
|
|||||
| CVE-2004-1859 | 1 Trend Micro | 1 Interscan Viruswall For Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Trend Micro Interscan Web Viruswall in InterScan VirusWall 3.5x allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
|
|||||
| CVE-2006-3780 | 1 Keyifweb | 1 Keyif Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Keyifweb Keyif Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) ANKET/anket.mdb, (2) HABER/keyifweb.mdb, (3) ASP/download.mdb, or (4) SAYAC/aktif.mdb in the database/A9S7G6ASD790 directory.
|
|||||
| CVE-2005-1586 | 1 Open Solution | 1 Quick.forum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.
|
|||||
| CVE-2004-2628 | 1 Acme Labs | 1 Thttpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").
|
|||||
| CVE-2002-0983 | 1 Irssi | 1 Irssi | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow.
|
|||||
| CVE-2005-1140 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments.
|
|||||
| CVE-2004-1920 | 1 X-micro | 1 Wlan 11b Broadband Router Firmware | 2025-04-03 | 7.5 HIGH | N/A |
|
X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access.
|
|||||
| CVE-2005-0245 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.
|
|||||
| CVE-2006-3614 | 1 Orbitcoders | 1 Orbitmatrix | 2025-04-03 | 7.5 HIGH | N/A |
|
index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to trigger a SQL error via the page_name parameter, possibly due to a SQL injection vulnerability.
|
|||||
| CVE-2005-0205 | 2 Bernd Wuebben, Kde | 2 Kppp, Kde | 2025-04-03 | 4.6 MEDIUM | N/A |
|
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.
|
|||||
| CVE-2002-2055 | 1 Teekai | 1 Teekai Tracking Online | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||
| CVE-2000-0808 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 7.5 HIGH | N/A |
|
The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."
|
|||||
| CVE-2005-0057 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
|
The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
|
|||||
| CVE-1999-0686 | 2 Hp, Netscape | 2 Hp-ux, Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.
|
|||||
| CVE-1999-1349 | 1 Xlink Technology | 1 Omni-nfs X Enterprise | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to cause a denial of service (resource exhaustion) via certain packets, possibly with the Urgent (URG) flag set, to port 111.
|
|||||
| CVE-2006-3909 | 1 Wired Community Software | 1 Wwwthreads | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter.
|
|||||
| CVE-1999-1390 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain root privileges by specifying a malicious program on the command line.
|
|||||
| CVE-2006-2309 | 1 Etype | 1 Eserv | 2025-04-03 | 4.0 MEDIUM | N/A |
|
The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files.
|
|||||
| CVE-2000-1024 | 1 Unify | 1 Ewave Servletexec | 2025-04-03 | 10.0 HIGH | N/A |
|
eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.
|
|||||
| CVE-2006-3816 | 1 Krusader | 1 Krusader | 2025-04-03 | 7.5 HIGH | N/A |
|
Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file.
|
|||||
| CVE-2005-3395 | 1 Invision Power Services | 1 Invision Gallery | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.
|
|||||
| CVE-2005-2074 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php.
|
|||||
| CVE-2006-1970 | 1 Kcscripts | 1 Portal Pack | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in KCScripts Classifieds, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
|
|||||
| CVE-1999-1179 | 1 Sysadmin Magazine | 1 Man.sh | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands.
|
|||||
| CVE-2004-2496 | 1 Opentext | 1 Opentext Firstclass | 2025-04-03 | 7.8 HIGH | N/A |
|
The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search.
|
|||||
| CVE-2005-2696 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.
|
|||||
| CVE-2003-0753 | 1 Newsphp | 1 Newsphp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
nphpd.php in newsPHP 216 and earlier allows remote attackers to read arbitrary files via a full pathname to the target file in the nphp_config[LangFile] parameter.
|
|||||
| CVE-2002-0170 | 1 Zope | 1 Zope | 2025-04-03 | 7.5 HIGH | N/A |
|
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
|
|||||
| CVE-2006-0645 | 1 Free Software Foundation Inc. | 1 Libtasn1 | 2025-04-03 | 7.5 HIGH | N/A |
|
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
|
|||||
| CVE-2006-4737 | 1 Jetbox | 1 Jetbox Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter. NOTE: The view vector is already covered by CVE-2006-3586.2.
|
|||||
| CVE-2002-1253 | 1 Abuse | 1 Abuse | 2025-04-03 | 7.2 HIGH | N/A |
|
Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files.
|
|||||
| CVE-2005-3427 | 1 Cisco | 1 Ciscoworks Management Center For Ips Sensors | 2025-04-03 | 2.1 LOW | N/A |
|
The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, wich can cause some signatures to be disabled and makes it easier for attackers to escape detection.
|
|||||
| CVE-2002-0551 | 1 Gcf | 1 Dynamic Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar.
|
|||||
| CVE-2002-0578 | 1 Aci | 1 4d Webserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password.
|
|||||
| CVE-2006-4591 | 1 Alstrasoft | 1 Template Seller | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php.
|
|||||
| CVE-2001-0712 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc.
|
|||||