Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-3124 | 1 Acme Labs | 1 Thttpd | 2025-04-03 | 2.1 LOW | N/A | syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file. |
| CVE-2001-0650 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute. |
| CVE-2006-3860 | 1 Ibm | 1 Informix Dynamic Database Server | 2025-04-03 | 7.5 HIGH | N/A | IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions. |
| CVE-2005-3765 | 1 Exponent | 1 Exponent | 2025-04-03 | 7.5 HIGH | N/A | Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code. |
| CVE-2006-2247 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 5.0 MEDIUM | N/A | WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. |
| CVE-2003-1153 | 1 Bytehoard | 1 Bytehoard | 2025-04-03 | 5.0 MEDIUM | N/A | byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php. |
| CVE-2005-0647 | 1 Php Arena | 1 Panews | 2025-04-03 | 5.0 MEDIUM | N/A | admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. |
| CVE-1999-1287 | 1 Stephen Turner | 1 Analog | 2025-04-03 | 5.0 MEDIUM | N/A | Vulnerability in Analog 3.0 and earlier allows remote attackers to read arbitrary files via the forms interface. |
| CVE-2002-1605 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET environment variable to (1) dxpause, (2) dxconsole, or (3) dtsession. |
| CVE-2002-1025 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A | JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed. |
| CVE-2006-0232 | 1 Symantec | 1 Antivirus Scan Engine | 2025-04-03 | 5.0 MEDIUM | N/A | Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests. |
| CVE-2002-2209 | 1 Pablo Software Solutions | 1 Baby Ftp Server | 2025-04-03 | 10.0 HIGH | N/A | Unspecified "security vulnerability" in Baby FTP Server versions before November 7, 2002 has unknown impact and attack vectors. |
| CVE-2005-0667 | 5 Altlinux, Gentoo, Redhat and 2 more | 7 Alt Linux, Linux, Enterprise Linux and 4 more | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message. |
| CVE-2006-0991 | 1 Veritas | 1 Netbackup | 2025-04-03 | 7.1 HIGH | N/A | Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724). |
| CVE-2006-3523 | 1 Clearswift | 1 Mimesweeper For Web | 2025-04-03 | 5.0 MEDIUM | N/A | Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate. |
| CVE-2005-0820 | 1 Microsoft | 1 Office Infopath | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name. |
| CVE-2004-1616 | 1 Links | 1 Links | 2025-04-03 | 5.0 MEDIUM | N/A | Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value, as demonstrated by mangleme. |
| CVE-2006-3979 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 7.2 HIGH | N/A | The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. |
| CVE-2000-1234 | 1 Phorum | 1 Phorum | 2025-04-03 | 5.0 MEDIUM | N/A | violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters. |
| CVE-2006-3765 | 1 Huttenlocher Webdesign | 1 Hwdeguest | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.php. |
| CVE-2005-2545 | 1 Phpopenchat | 1 Phpopenchat | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content parameter to profile.php and profile_misc.php, (3) the profile fields in userpage.php, (4) subject or (5) body in mail.php, or (8) disinvited_chatter or (7) invited_chatter parameter to invite.php. |
| CVE-2001-0548 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable. |
| CVE-1999-1070 | 1 Xylogics | 1 Annex | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter. |
| CVE-2005-2820 | 1 Inter7 | 1 Sqwebmail | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]". |
| CVE-2005-2947 | 1 Killprocess | 1 Killprocess | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary code via an exe file with a long FileDescription in the version resource. |
| CVE-2001-0096 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A | FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. |
| CVE-2000-0358 | 1 Redhat | 1 Linux | 2025-04-03 | 5.0 MEDIUM | N/A | ORBit and gnome-session in Red Hat Linux 6.1 allow remote attackers to crash a program. |
| CVE-2002-1053 | 1 W3c | 1 Jigsaw | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message. |
| CVE-1999-0664 | | | 2025-04-03 | 10.0 HIGH | N/A | An application-critical Windows NT registry key has inappropriate permissions. |
| CVE-2003-1067 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions. |
| CVE-2005-0702 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-03 | 5.0 MEDIUM | N/A | SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages. |
| CVE-2005-4085 | 1 Bluecoat | 2 Proxyav, Webproxy | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header. |
| CVE-1999-1062 | 1 Hp | 1 Jetdirect | 2025-04-03 | 7.5 HIGH | N/A | HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100. |
| CVE-2005-3726 | 1 Interspire | 1 Articlelive Nx | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows remote attackers to execute arbitrary SQL commands via the Query parameter. |
| CVE-2006-2703 | 1 Suse | 1 Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A | The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack. |
| CVE-2004-0588 | 1 Usermin | 1 Usermin | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages. |
| CVE-1999-0022 | 6 Bsdi, Freebsd, Hp and 3 more | 7 Bsd Os, Freebsd, Hp-ux and 4 more | 2025-04-03 | 7.2 HIGH | 7.8 HIGH | Local user gains root privileges via buffer overflow in rdist, via expstr() function. |
| CVE-2001-0081 | 1 Ncipher | 1 Ncipher | 2025-04-03 | 5.0 MEDIUM | N/A | swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys. |
| CVE-2006-0616 | 1 Sun | 2 Jdk, Jre | 2025-04-03 | 4.0 MEDIUM | N/A | Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue." |
| CVE-2002-0683 | 1 Pacific Software | 1 Carello | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. (dot dot) in the VBEXE parameter. |