Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-1738 | 1 Iron Bars Shell | 1 Iron Bars Shell | 2025-04-03 | 10.0 HIGH | N/A | Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call. |
| CVE-2005-3684 | 1 Freeftpd | 1 Freeftpd | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands. |
| CVE-2004-2543 | 1 Securecomputing | 1 Sidewinder G2 | 2025-04-03 | 5.0 MEDIUM | N/A | Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MIME messages to the mail filter. NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure. |
| CVE-2004-0666 | 1 Popclient | 1 Popclient | 2025-04-03 | 7.5 HIGH | N/A | Off-by-one error in the POP3_readmsg function in popclient 3.0b6 allows remote attackers to cause a denial of service (application crash) via an e-mail message with a certain line length, which leads to a buffer overflow. |
| CVE-2002-0388 | 1 Gnu | 1 Mailman | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. |
| CVE-2003-1103 | 1 Hummingbird | 1 Cyberdocs | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands. |
| CVE-1999-0396 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2025-04-03 | 2.6 LOW | N/A | A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service. |
| CVE-2004-1541 | 1 Van Dyke Technologies | 1 Securecrt | 2025-04-03 | 7.5 HIGH | N/A | SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share. |
| CVE-2005-4309 | 1 Scriptscenter | 1 Ezupload Pro | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. |
| CVE-2006-4058 | 1 Simplog | 1 Simplog | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party information. |
| CVE-2006-0981 | 1 E-merge | 1 E-merge Winace | 2025-04-03 | 4.0 MEDIUM | N/A | Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive. |
| CVE-2006-4365 | 1 Vistabb | 1 Vistabb | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php. |
| CVE-2003-1258 | 1 Versatilebulletinboard | 1 Versatilebulletinboard | 2025-04-03 | 7.5 HIGH | N/A | activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid. |
| CVE-1999-0481 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service in "poll" in OpenBSD. |
| CVE-2006-0450 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A | phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. |
| CVE-2002-1123 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow. |
| CVE-2003-0606 | 2 Cvsup, Sup | 2 Cvsup-mirror, Sup | 2025-04-03 | 4.6 MEDIUM | N/A | sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. |
| CVE-2005-1722 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A | Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions. |
| CVE-2004-0153 | 1 Emil | 1 Emil | 2025-04-03 | 7.5 HIGH | N/A | Multiple format string vulnerabilities in emil 2.1.0 and earlier may allow remote attackers to execute arbitrary code by triggering certain error messages. |
| CVE-1999-0753 | 1 Hughes | 1 Msql | 2025-04-03 | 7.5 HIGH | N/A | The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories. |
| CVE-2000-0525 | 1 Openbsd | 1 Openssh | 2025-04-03 | 10.0 HIGH | N/A | OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon. |
| CVE-2004-0587 | 3 Mandrakesoft, Redhat, Suse | 4 Mandrake Linux, Mandrake Linux Corporate Server, Fedora Core and 1 more | 2025-04-03 | 2.1 LOW | N/A | Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service. |
| CVE-2004-2442 | 1 F-secure | 5 F-secure Anti-virus, F-secure For Firewalls, F-secure Internet Security and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system. |
| CVE-2001-0959 | 2 Broadcom, Ca | 3 Arcserve Backup, Arcserve Backup 2000, Arcserve Backup 2000 | 2025-04-03 | 6.4 MEDIUM | N/A | Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files. |
| CVE-1999-0303 | 4 Digital, Netbsd, Openbsd and 1 more | 5 Osf 1, Netbsd, Openbsd and 2 more | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. |
| CVE-2006-0639 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E. |
| CVE-2005-0121 | 1 Alexander Siegel | 1 Golddig | 2025-04-03 | 4.6 MEDIUM | N/A | Multiple buffer overflows in golddig 2.0 and earlier allow local users to execute arbitrary code via (1) a long map name command line argument or (2) a long username as recorded in the USER environment variable. |
| CVE-2006-1587 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A | NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file. |
| CVE-2005-1216 | 1 Microsoft | 1 Isa Server | 2025-04-03 | 7.5 HIGH | N/A | Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter. |
| CVE-2001-0903 | 1 Intel | 1 High-bandwidth Digital Content Protection | 2025-04-03 | 7.5 HIGH | N/A | Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by computing and using alternate key combinations for authentication. |
| CVE-2006-2316 | 1 Intel | 1 Proset Wireless | 2025-04-03 | 4.9 MEDIUM | N/A | S24EvMon.exe in the Intel PROset/Wireless software, possibly 10.1.0.33, uses a S24EventManagerSharedMemory shared memory section with weak permissions, which allows local users to read or modify passwords or other data, or cause a denial of service. |
| CVE-2006-3968 | 1 Sun | 1 Solaris | 2025-04-03 | 5.0 MEDIUM | N/A | The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified. |
| CVE-2003-1034 | 1 Sap | 1 Sap Db | 2025-04-03 | 4.6 MEDIUM | N/A | The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs. |
| CVE-2005-1494 | 1 Megabook | 1 Megabook | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in MegaBook 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) entryid or (2) password parameter. |
| CVE-2006-2561 | 1 Edimax | 1 Br 6104k | 2025-04-03 | 7.5 HIGH | N/A | Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter (possibly within NewInternalClient), which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. |
| CVE-2004-0073 | 1 Stoitsov | 1 Easydynamicpages | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script. |
| CVE-2004-1676 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message. |
| CVE-2005-3378 | 1 Norman | 1 Norman Virus Control | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." |
| CVE-2004-2322 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module. |
| CVE-2005-3042 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2025-04-03 | 7.5 HIGH | N/A | miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return). |