Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4463 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-se ...
| CVE-2000-1220 | 2 Redhat, Sgi | 2 Linux, Irix | 2025-04-03 | 10.0 HIGH | N/A |
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.
| CVE-2001-0873 | 1 Ian Lance Taylor | 1 Taylor Uucp | 2025-04-03 | 7.2 HIGH | N/A |
uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.
| CVE-2003-0735 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
| CVE-2001-0066 | 1 Kevin Lindsay | 1 Secure Locate | 2025-04-03 | 7.2 HIGH | N/A |
Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.
| CVE-2005-1964 | 1 Cantico | 1 Ovidentia | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in utilit.php for Ovidentia Portal allows remote attackers to execute arbitrary PHP code via the babInstallPath parameter.
| CVE-2006-1825 | 1 Phplinks | 1 Phplinks | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter.
| CVE-2006-1320 | 1 Rssh | 1 Rssh | 2025-04-03 | 7.5 HIGH | N/A |
util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf.
| CVE-2004-1697 | 1 Ca | 1 Unicenter Management | 2025-04-03 | 7.5 HIGH | N/A |
The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.
| CVE-2005-3853 | 1 Solucija | 1 Snews | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php.
| CVE-2002-1011 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
| CVE-2004-2294 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.
| CVE-2004-1890 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via the PORT mode.
| CVE-2004-0945 | 1 Mitel | 1 Mitel 3300 Integrated Communication Platform | 2025-04-03 | 5.0 MEDIUM | N/A |
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum.
| CVE-2004-0031 | 1 Phpgedview | 1 Phpgedview | 2025-04-03 | 7.5 HIGH | N/A |
PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php.
| CVE-2003-0025 | 1 Horde | 1 Imp | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
| CVE-2006-2654 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier.
| CVE-2006-1374 | 1 Brain Book Software | 1 Adman | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 and earlier allows remote attackers to execute arbitrary SQL commands via the transactions_offset parameter.
| CVE-2004-0987 | 2 Yard Radius, Yard Radius Project | 2 Yard Radius, Yard Radius | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary code.
| CVE-1999-0198 | | | 2025-04-03 | 10.0 HIGH | N/A |
finger .@host on some systems may print information on some user accounts.
| CVE-2000-0726 | 1 Stalkerlab | 1 Mailers | 2025-04-03 | 2.6 LOW | N/A |
CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.
| CVE-2000-0371 | 1 Kde | 1 Kde | 2025-04-03 | 1.2 LOW | N/A |
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.
| CVE-2005-2719 | 1 Flagship Industries | 1 Ventrilo | 2025-04-03 | 5.0 MEDIUM | N/A |
Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial of service (application crash) via a status packet that contains less data than specified in the packet header sent to UDP port 3784.
| CVE-2000-0559 | 1 Broadcom | 1 Etrust Intrusion Detection | 2025-04-03 | 2.1 LOW | N/A |
eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.
| CVE-2001-0978 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.5 HIGH | N/A |
login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.
| CVE-2005-0370 | 1 Armagetron | 2 Armagetron, Armagetron Advanced | 2025-04-03 | 5.0 MEDIUM | N/A |
Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (network disconnection) via an empty UDP packet, which is not properly distinguished from the "no new packets" state of the associated socket.
| CVE-2006-4092 | 1 Simpliciti | 1 Locked Browser | 2025-04-03 | 3.6 LOW | N/A |
Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.
| CVE-2006-2699 | 1 Geeklog | 1 Geeklog | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action.
| CVE-2000-0024 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2025-04-03 | 6.4 MEDIUM | N/A |
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
| CVE-2004-1102 | 1 Tips | 1 Mailpost | 2025-04-03 | 5.0 MEDIUM | N/A |
MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information.
| CVE-1999-0504 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
A Windows NT local user or administrator account has a default, null, blank, or missing password.
| CVE-2006-0971 | 1 Lionel Reyero | 1 Directcontact | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
| CVE-1999-0062 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 7.2 HIGH | N/A |
The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.
| CVE-2005-3736 | 1 Coastal Data Management | 1 E-quick Cart | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp, (3) strpid parameter in shopprojectlogin.asp, and (4) Custname parameter in shoptellafriend.asp.
| CVE-2002-1792 | 1 Fake Identd | 1 Fake Identd | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers to execute arbitrary code as root via a long request that is split into multiple packets.
| CVE-1999-0822 | 1 Qualcomm | 1 Qpopper | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command.
| CVE-2002-1339 | 1 Microsoft | 1 Office Web Components | 2025-04-03 | 5.0 MEDIUM | N/A |
The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files.
| CVE-2000-0534 | 1 Aps Filter Development Team | 1 Apsfilter | 2025-04-03 | 4.6 MEDIUM | N/A |
The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user.
| CVE-2000-0678 | 1 Pgp | 1 Pgp | 2025-04-03 | 5.0 MEDIUM | N/A |
PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.
| CVE-2004-2581 | 1 Novell | 1 Ichain | 2025-04-03 | 5.0 MEDIUM | N/A |
Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string."