Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0594 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive.
|
|||||
| CVE-2006-0820 | 1 Gnome | 1 Dwarf Http Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.
|
|||||
| CVE-2006-2344 | 1 Ajax Softwares | 1 Alipager | 2025-04-03 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the ubild parameter.
|
|||||
| CVE-2005-4398 | 1 Mindroute Software | 1 Lemoon | 2025-04-03 | 4.3 MEDIUM | N/A |
|
NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying "Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as ...
Show More |
|||||
| CVE-2006-4268 | 1 Devellion | 1 Cubecart | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php.
|
|||||
| CVE-2000-0154 | 1 Sco | 1 Unixware | 2025-04-03 | 1.2 LOW | N/A |
|
The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.
|
|||||
| CVE-2005-0022 | 1 University Of Cambridge | 1 Exim | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
|
|||||
| CVE-2005-3118 | 1 William Stearns | 1 Mason | 2025-04-03 | 7.5 HIGH | N/A |
|
Mason before 1.0.0 does not install the init script after the user uses Mason to configure a firewall, which causes the system to run without a firewall after a reboot.
|
|||||
| CVE-2005-0483 | 1 Glftpd | 1 Glftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing ("*") characters in a SITE NFO command.
|
|||||
| CVE-2005-4285 | 1 Dick Copits | 1 Pdestore | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the search module parameter or the (2) product and (3) cart_id parameters.
|
|||||
| CVE-1999-1061 | 1 Hp | 1 Jetdirect | 2025-04-03 | 7.5 HIGH | N/A |
|
HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging.
|
|||||
| CVE-2004-2210 | 1 Express-web | 1 Express-web Content Management System | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp.
|
|||||
| CVE-2001-1355 | 1 Netwin | 2 Dmail, Surgeftp | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
|
|||||
| CVE-2005-3295 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."
|
|||||
| CVE-2006-3171 | 1 Comscripts | 1 Cs-forum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php.
|
|||||
| CVE-2005-0195 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.
|
|||||
| CVE-2005-2633 | 1 Phptb | 1 Topic Boards | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter.
|
|||||
| CVE-2002-0567 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2025-04-03 | 7.5 HIGH | N/A |
|
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
|
|||||
| CVE-2004-1511 | 1 Hotfoon Corporation | 1 Hotfoon | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Hotfoon 4.0 does not notify users before opening links in web browsers, which could allow remote attackers to execute arbitrary code via a certain link sent in a chat window.
|
|||||
| CVE-2002-1380 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.
|
|||||
| CVE-2002-2001 | 2 Jmcce, Mandrakesoft | 2 Jmcce, Mandrake Linux | 2025-04-03 | 1.2 LOW | N/A |
|
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2003-0722 | 1 Sun | 1 Solaris | 2025-04-03 | 10.0 HIGH | N/A |
|
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
|
|||||
| CVE-2006-0482 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures, allows local users to cause a denial of service (hang) via a "date -s" command, which causes invalid sign extended arguments to be provided to the get_compat_timespec function call.
|
|||||
| CVE-2006-4594 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681.
|
|||||
| CVE-2006-1697 | 1 Matt Wright | 1 Matt Wright Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.
|
|||||
| CVE-2004-1477 | 1 Macromedia | 1 Jrun | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.
|
|||||
| CVE-2000-1233 | 1 Phorum | 1 Phorum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter.
|
|||||
| CVE-2005-2248 | 1 Sven-ove Bjerkan | 1 Downloadprotect | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder.
|
|||||
| CVE-2003-1507 | 1 Planet Technology Corp | 2 Wgsd-1020, Wsw-2401 | 2025-04-03 | 10.0 HIGH | N/A |
|
Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access.
|
|||||
| CVE-2001-1313 | 1 Ibm | 1 Lotus Domino R5 | 2025-04-03 | 7.5 HIGH | N/A |
|
Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
|
|||||
| CVE-1999-0023 | 6 Bsdi, Freebsd, Ibm and 3 more | 10 Bsd Os, Freebsd, Aix and 7 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
|
|||||
| CVE-2006-3191 | 1 Tpvgames | 1 Mpcs | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter.
|
|||||
| CVE-1999-0244 | 1 Livingston | 1 Radius | 2025-04-03 | 7.5 HIGH | N/A |
|
Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root.
|
|||||
| CVE-1999-1286 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
addnetpr in SGI IRIX 6.2 and earlier allows local users to modify arbitrary files and possibly gain root access via a symlink attack on a temporary file.
|
|||||
| CVE-2001-1366 | 1 Netscript Project | 1 Netscript | 2025-04-03 | 5.0 MEDIUM | N/A |
|
netscript before 1.6.3 parses dynamic variables, which could allow remote attackers to alter program behavior or obtain sensitive information.
|
|||||
| CVE-2001-0369 | 1 Digital | 1 Unix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a local attacker to obtain root access via a long command line argument (non-existent printer name).
|
|||||
| CVE-2003-0997 | 1 Broadcom | 1 Unicenter Remote Control Host | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown "Denial of Service Attack" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service).
|
|||||
| CVE-2005-3768 | 1 Symantec | 10 Enterprise Firewall, Firewall Vpn Appliance 100, Firewall Vpn Appliance 200 and 7 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
|
|||||
| CVE-2003-0680 | 1 Sgi | 1 Irix | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions.
|
|||||
| CVE-2005-2147 | 1 Edgewall Software | 1 Trac | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.
|
|||||