Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-1545 | 1 Moniwiki | 1 Moniwiki | 2025-04-03 | 5.0 MEDIUM | N/A | UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code. |
| CVE-2005-2613 | 1 Cpaint | 1 Cpaint | 2025-04-03 | 6.4 MEDIUM | N/A | Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors. |
| CVE-2006-0683 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file. |
| CVE-2001-0834 | 4 Conectiva, Debian, Htdig and 1 more | 4 Linux, Debian Linux, Htdig and 1 more | 2025-04-03 | 6.4 MEDIUM | N/A | htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file. |
| CVE-2002-1029 | 1 Worldspan | 1 Res Manager | 2025-04-03 | 5.0 MEDIUM | N/A | Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990. |
| CVE-2004-1754 | 1 Symantec | 2 Enterprise Firewall, Gateway Security | 2025-04-03 | 5.0 MEDIUM | N/A | The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records. |
| CVE-2001-1303 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 5.0 MEDIUM | N/A | The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication. |
| CVE-2003-0478 | 5 Andromede, Bahamut, Daniel Moss and 2 more | 5 Adromedeircd, Ircd, Methane and 2 more | 2025-04-03 | 10.0 HIGH | N/A | Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings. |
| CVE-2002-0894 | 1 New Atlanta Communications | 1 Servletexec Isapi | 2025-04-03 | 5.0 MEDIUM | N/A | NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service (crash) via (1) a request for a long .jsp file, or (2) a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet. |
| CVE-2001-1465 | 1 Surfcontrol | 1 Superscout Web Filter | 2025-04-03 | 4.6 MEDIUM | N/A | SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements. |
| CVE-2005-4505 | 1 Mcafee | 2 Common Management Agent, Virusscan Enterprise | 2025-04-03 | 7.2 HIGH | N/A | Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path. |
| CVE-2000-0514 | 1 Mit | 1 Kerberos 5 | 2025-04-03 | 10.0 HIGH | N/A | GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges. |
| CVE-2001-1404 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A | Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges. |
| CVE-2006-1145 | 1 Cor Entertainment | 1 Alien Arena 2006 | 2025-04-03 | 6.5 MEDIUM | N/A | Format string vulnerability in the safe_cprintf function in acebot_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code via unspecified vectors when the server sends crafted messages to the clients. |
| CVE-2006-2325 | 1 Onlyscript.info | 1 Online Universal Payment System Script | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to inject arbitrary web script or HTML via the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Also, this issue might be resultant from directory traversal. |
| CVE-2001-0496 | 2 Mandrakesoft, Redhat | 2 Mandrake Linux, Linux | 2025-04-03 | 4.6 MEDIUM | N/A | kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges. |
| CVE-1999-0715 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. |
| CVE-2005-1022 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 5.0 MEDIUM | N/A | ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. |
| CVE-2004-2419 | 1 Keene | 1 Digital Media Server | 2025-04-03 | 2.1 LOW | N/A | Keene Digital Media Server 1.0.2 allows local users to obtain usernames and passwords by reading the dmscore.db file on the local system. |
| CVE-2003-1268 | 1 Urlogy | 1 A.shop.kart | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters. |
| CVE-2004-0168 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging." |
| CVE-2006-2754 | 1 Openldap | 1 Openldap | 2025-04-03 | 5.0 MEDIUM | N/A | Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname. |
| CVE-2006-3605 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference. |
| CVE-2003-0951 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.5 HIGH | N/A | Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges. |
| CVE-2006-2307 | 1 Website Baker | 1 Website Baker | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Website Baker CMS before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a user display name. |
| CVE-2006-4906 | 1 Marc Logemann | 1 More.groupware | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter. |
| CVE-2004-0046 | 1 Snapstream | 1 Snapstream Pvs | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character. |
| CVE-2000-1036 | 1 Extent Technologies | 1 Rbs Isp | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter. |
| CVE-2006-1788 | 1 Adobe | 1 Document Server | 2025-04-03 | 2.6 LOW | N/A | Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks. |
| CVE-1999-0050 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in HP-UX newgrp program. |
| CVE-2002-0243 | 1 Opera Software | 1 Opera Web Browser | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. |
| CVE-2006-2629 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.0 MEDIUM | N/A | Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h. |
| CVE-2002-1122 | 1 Iss | 1 Internet Scanner | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response. |
| CVE-2005-1794 | 1 Microsoft | 2 Remote Desktop Connection, Windows Terminal Services Using Rdp | 2025-04-03 | 6.4 MEDIUM | N/A | Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks. |
| CVE-2006-2748 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php. |
| CVE-2006-0368 | 1 Cisco | 1 Call Manager | 2025-04-03 | 7.8 HIGH | N/A | Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727. |
| CVE-2004-2179 | 1 Microsoft | 2 Frontpage, Ie | 2025-04-03 | 5.0 MEDIUM | N/A | asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values. |
| CVE-2002-0914 | 1 Double Precision Incorporated | 1 Courier Mta | 2025-04-03 | 5.0 MEDIUM | N/A | Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop. |
| CVE-2006-0108 | 1 Idea Development Id Oy | 1 Timecan Cms | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0107. |
| CVE-2004-0993 | 1 Hp | 1 Sockd | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code. |