Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1120 | 1 Ssh | 1 Tectia Server | 2025-04-03 | 3.7 LOW | N/A |
|
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
|
|||||
| CVE-2006-3326 | 1 Joesph Leung | 1 Quickzip | 2025-04-03 | 2.6 LOW | N/A |
|
Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. (dot dot) sequences in filenames within (1) TAR,(2) GZ, and (3) JAR archives. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-2222 | 1 Norz | 1 Zawhttpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters.
|
|||||
| CVE-2001-1525 | 1 Easyscripts | 1 Easynews | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter.
|
|||||
| CVE-2004-2549 | 1 Nortel | 3 Wlan Access Point 2220, Wlan Access Point 2221, Wlan Access Point 2225 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow.
|
|||||
| CVE-2005-4619 | 1 Phpoutsourcing | 1 Zorum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method.
|
|||||
| CVE-2004-1180 | 3 Debian, Mandrakesoft, Sun | 5 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
|
|||||
| CVE-2006-3376 | 1 Wvware | 2 Libwmf, Wv2 | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
|
|||||
| CVE-2001-0645 | 1 Axent | 1 Netprowler | 2025-04-03 | 7.5 HIGH | N/A |
|
Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password.
|
|||||
| CVE-2005-0225 | 1 Firehol | 1 Firehol | 2025-04-03 | 2.1 LOW | N/A |
|
firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2005-0814 | 1 Lysator | 1 Lsh | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors.
|
|||||
| CVE-2001-0689 | 1 Trend Micro | 1 Virus Control System | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program.
|
|||||
| CVE-1999-1157 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.
|
|||||
| CVE-2005-4068 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors.
|
|||||
| CVE-2004-1256 | 1 Abcmidi | 1 Abcmidi | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the (1) event_text and (2) event_specific functions in abc2midi 2004.12.04 allow remote attackers to execute arbitrary code via crafted ABC files.
|
|||||
| CVE-2000-0735 | 1 Rimarts Inc. | 1 Becky Internet Mail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user replies to a message.
|
|||||
| CVE-2002-1761 | 1 Phprojekt | 1 Phprojekt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
|
|||||
| CVE-2002-1007 | 1 Blackboard | 1 Blackboard | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message parameter in index.cgi.
|
|||||
| CVE-1999-0838 | 1 Deerfield | 1 Serv-u Ftp-server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.
|
|||||
| CVE-2002-0728 | 1 Greg Roelofs | 1 Libpng | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.
|
|||||
| CVE-2004-1492 | 1 Quicksilver | 1 Master Of Orion Iii | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (game exit) via a data packet that contains a large size specifier, which causes a large memory allocation to fail.
|
|||||
| CVE-2000-0928 | 1 Wquinn | 1 Diskadvisor | 2025-04-03 | 2.1 LOW | N/A |
|
WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares.
|
|||||
| CVE-2006-4357 | 1 Dieselscripts | 1 Diesel Smart Traffic | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter.
|
|||||
| CVE-2002-2134 | 1 Peel | 1 Peel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file.
|
|||||
| CVE-2002-0496 | 1 Southwest | 1 Southwest | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.
|
|||||
| CVE-2001-1368 | 1 Iplanet | 1 Iplanet Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in iPlanet Web Server 4 included in Virtualvault Operating System (VVOS) 4.0 running HP-UX 11.04 could allow attackers to corrupt data.
|
|||||
| CVE-2004-2006 | 1 Trend Micro | 1 Officescan | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection.
|
|||||
| CVE-2004-1985 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.
|
|||||
| CVE-2002-0351 | 1 Matt Blaze | 1 Cfs | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x before 1.4.1-5, allow remote attackers to cause a denial of service and possibly execute arbitrary code.
|
|||||
| CVE-2006-0939 | 1 Dci-designs | 1 Dci-taskeen | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php.
|
|||||
| CVE-2004-0656 | 1 Pureftpd | 1 Pureftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
|
|||||
| CVE-2005-0812 | 1 Notify Technology | 1 Notifylink | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information.
|
|||||
| CVE-2006-1068 | 1 Netgear | 1 Netgear Router | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value.
|
|||||
| CVE-2005-2739 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.
|
|||||
| CVE-2003-0605 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
|
|||||
| CVE-2006-2166 | 1 Cisco | 2 Unity Express, Unity Express Software | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
|
|||||
| CVE-2003-0352 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
|
|||||
| CVE-2002-0072 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.
|
|||||
| CVE-2001-1507 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.5 HIGH | N/A |
|
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
|
|||||
| CVE-2005-3985 | 1 Astaro | 1 Security Linux | 2025-04-03 | 7.8 HIGH | N/A |
|
The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
|
|||||