Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1596 | 1 Claroline | 1 Claroline | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter.
|
|||||
| CVE-2002-0331 | 1 Alcatech Gmbh | 1 Bpm Studio Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.
|
|||||
| CVE-1999-0799 | 1 Cmu | 1 Bootpd | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.
|
|||||
| CVE-2003-0672 | 1 Leon J Breedt | 1 Pam-pgsql | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message.
|
|||||
| CVE-2003-0253 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
|
|||||
| CVE-2006-4319 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
|
|||||
| CVE-2002-1228 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon.
|
|||||
| CVE-2006-2682 | 1 Back-end | 1 Back-end Cms | 2025-04-03 | 6.4 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter.
|
|||||
| CVE-2002-1001 | 1 Analogx | 1 Proxy | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname.
|
|||||
| CVE-2002-2014 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.
|
|||||
| CVE-2005-4649 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548.
|
|||||
| CVE-2005-1837 | 1 Fortinet | 1 Fortinet Firewall | 2025-04-03 | 7.5 HIGH | N/A |
|
Fortinet firewall running FortiOS 2.x contains a hardcoded username with the password set to the serial number, which allows local users with console access to gain privileges.
|
|||||
| CVE-2006-1497 | 1 Vihor | 1 Vihordesign | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter.
|
|||||
| CVE-2005-2980 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allows remote attackers to inject arbitrary web script or HTML via the rollid parameter.
|
|||||
| CVE-1999-0698 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.
|
|||||
| CVE-2006-2502 | 1 Cyrus | 1 Imapd | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
|
|||||
| CVE-2002-0762 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files.
|
|||||
| CVE-2005-0588 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
|
|||||
| CVE-2005-4063 | 1 Netauctionhelp | 1 Netauctionhelp | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp.
|
|||||
| CVE-2002-1197 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.
|
|||||
| CVE-2006-1213 | 1 Jiro | 1 Banner System | 2025-04-03 | 7.5 HIGH | N/A |
|
JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account.
|
|||||
| CVE-2000-0182 | 1 Iplanet | 1 Iplanet Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic.
|
|||||
| CVE-2003-0597 | 1 Sco | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges.
|
|||||
| CVE-2005-0097 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
|
|||||
| CVE-2000-0764 | 1 Intel | 1 Express 8100 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet.
|
|||||
| CVE-2006-4266 | 1 Symantec | 1 Norton Personal Firewall | 2025-04-03 | 3.6 LOW | N/A |
|
Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability be ...
Show More |
|||||
| CVE-2003-0701 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
|
|||||
| CVE-2006-4531 | 1 Bare Concept Media | 1 Pheap Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.
|
|||||
| CVE-2006-0770 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2000-0695 | 1 Tech-source | 1 Raptor Gfx Pgx32 | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options.
|
|||||
| CVE-2005-0068 | 1 Tcp | 1 Tcp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU t ...
Show More |
|||||
| CVE-1999-1538 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 2.1 LOW | N/A |
|
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
|
|||||
| CVE-2005-3402 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
|
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.
|
|||||
| CVE-2005-3031 | 1 Cambridge Computer Corporation | 1 Vxftpsrv | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute arbitrary code via a long USER name.
|
|||||
| CVE-2006-1956 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.
|
|||||
| CVE-2003-0421 | 1 Apple | 1 Darwin Streaming Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.
|
|||||
| CVE-1999-0881 | 1 Blueface | 1 Falcon Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2004-0224 | 3 Double Precision Incorporated, Gentoo, Inter7 | 4 Courier Mta, Sqwebmail, Linux and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
|
|||||
| CVE-1999-1088 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local users to gain privileges.
|
|||||
| CVE-2004-1983 | 2 Gentoo, The Pax Team | 2 Linux, Pax Linux | 2025-04-03 | 2.1 LOW | N/A |
|
The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors.
|
|||||