Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3721 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2025-04-03 | 5.0 MEDIUM | N/A |
The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.
| CVE-2005-3449 | 1 Oracle | 1 Application Server | 2025-04-03 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS02 in Containers for J2EE, (2) AS07 in Internet Directory, (3) AS09 in Report Server, and (4) AS11 in Web Cache.
| CVE-2000-0084 | 1 Globalscape | 1 Cuteftp | 2025-04-03 | 5.0 MEDIUM | N/A |
CuteFTP uses weak encryption to store password information in its tree.dat file.
| CVE-2005-1133 | 1 Ibm | 1 Iseries As 400 | 2025-04-03 | 5.0 MEDIUM | N/A |
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.
| CVE-2005-3977 | 1 Qualityebiz | 1 Qualityppc | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module.
| CVE-2005-0849 | 1 Funlabs | 9 4x4 Off-road Adventure Iii, Cabelas Big Game Hunter 2004 Season, Cabelas Big Game Hunter 2005 and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet with values that cause the server to copy more memory than was actually provided in the packet.
| CVE-2006-3311 | 1 Adobe | 2 Flash Player, Flex Sdk | 2025-04-03 | 5.1 MEDIUM | N/A |
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
| CVE-2005-4581 | 1 Scott Draves | 1 Electric Sheep | 2025-04-03 | 4.6 MEDIUM | N/A |
Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.
| CVE-2005-1594 | 1 Codethat | 1 Shoppingcart | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
| CVE-2006-4161 | 1 Xennobb | 1 Xennobb | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the avatar_gallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the category parameter.
| CVE-2005-0931 | 1 Jimmy | 1 The Includer | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code.
| CVE-2000-0423 | 1 Netwin | 1 Dnews | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag.
| CVE-1999-0029 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | 8.4 HIGH |
root privileges via buffer overflow in ordist command on SGI IRIX systems.
| CVE-2000-0369 | 1 Caldera | 1 Openlinux | 2025-04-03 | 5.0 MEDIUM | N/A |
The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.
| CVE-2001-0089 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.
| CVE-2003-0843 | 1 Dag Apt Repository | 1 Mod Gzip | 2025-04-03 | 7.5 HIGH | N/A |
Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| CVE-2004-2070 | 1 Altiris | 1 Client Service | 2025-04-03 | 7.2 HIGH | N/A |
The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590.
| CVE-2004-2318 | 1 Netwin | 1 Surgeftp | 2025-04-03 | 5.0 MEDIUM | N/A |
The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.
| CVE-1999-1365 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default.
| CVE-2006-4948 | 1 Prosysinfo | 1 Tftp Server Tftpdwin | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
| CVE-2000-0273 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | 5.0 MEDIUM | N/A |
PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.
| CVE-2004-1348 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).
| CVE-2004-2050 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2025-04-03 | 4.6 MEDIUM | N/A |
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell.
| CVE-2001-0918 | 1 Suse | 1 Suse Linux | 2025-04-03 | 5.1 MEDIUM | N/A |
Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely.
| CVE-2005-0700 | 1 Aztek Forum | 1 Aztek Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie.
| CVE-2000-0021 | 1 Lotus | 1 Domino Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin.
| CVE-2003-0955 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 4.6 MEDIUM | N/A |
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.
| CVE-2005-3508 | 1 Galerie | 1 Galerie | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter.
| CVE-2004-2607 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer.
| CVE-2001-0375 | 1 Cisco | 2 Pix Firewall 515, Pix Firewall 520 | 2025-04-03 | 5.0 MEDIUM | N/A |
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.
| CVE-2004-0768 | 1 Greg Roelofs | 1 Libpng3 | 2025-04-03 | 7.5 HIGH | N/A |
libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
| CVE-2001-1373 | 1 Zonelabs | 1 Zonealarm | 2025-04-03 | 5.0 MEDIUM | N/A |
MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments.
| CVE-2005-4635 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 does not check for valid lengths of the header and payload, which allows remote attackers to cause a denial of service (invalid memory reference) via malformed fib_lookup netlink messages.
| CVE-2006-4615 | 1 Shape Services | 1 Im\+ Mobile Instant Messenger | 2025-04-03 | 4.9 MEDIUM | N/A |
Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\IMPlus\implus.cfg, which allows local users to obtain sensitive information by reading the file.
| CVE-2005-1421 | 1 Raysoft | 1 Video Cam Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via ".." (dot dot) sequences in an HTTP request.
| CVE-2004-2156 | 1 Recruitment Agency Software | 1 Online Recruitment Agency | 2025-04-03 | 10.0 HIGH | N/A |
Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack vectors.
| CVE-2002-1615 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 7.2 HIGH | N/A |
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to execute arbitrary code via (1) msgchk or (2) .upd..loader.
| CVE-2004-2222 | 1 Fsphpgallery | 1 Fsphpgallery | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter.
| CVE-2006-4041 | 1 Pike | 1 Pike | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
| CVE-2006-3811 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references t ...