Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1151 | 1 Abisoft | 1 Baxter | 2025-04-03 | 5.0 MEDIUM | N/A |
| Baxter IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL. |
| CVE-2005-0440 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-03 | 7.5 HIGH | N/A |
| ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL. |
| CVE-2001-0275 | 1 Moby | 1 Netsuite Web Server | 2025-04-03 | 2.1 LOW | N/A |
| Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request. |
| CVE-2004-0885 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A |
| The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. |
| CVE-2003-0834 | 1 Sco | 2 Open Unix, Unixware | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME. |
| CVE-2005-4172 | 1 Efiction Project | 1 Efiction | 2025-04-03 | 5.0 MEDIUM | N/A |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message. |
| CVE-2006-2141 | 1 Collaborative Portal Server Project | 1 Collaborative Portal Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in popup_image in Collaborative Portal Server (CPS) 3.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the pos argument. |
| CVE-1999-0853 | 1 Netscape | 2 Enterprise Server, Fasttrack Server | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure. |
| CVE-2006-2467 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.0 MEDIUM | N/A |
| BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address. |
| CVE-2006-3956 | 1 Total Online Solutions | 1 Advanced Webhost Billing System | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters. |
| CVE-2006-3213 | 1 Webboa | 1 Webboa | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter to an unspecified script, possibly host/yeni_host.asp. |
| CVE-2000-0533 | 1 Sgi | 1 Workshop Debugger And Performance Tools | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files. |
| CVE-2004-0016 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 7.5 HIGH | N/A |
| The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files. |
| CVE-1999-0511 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
| IP forwarding is enabled on a machine which is not a router or firewall. |
| CVE-2003-0794 | 1 Gnome | 1 Gdm | 2025-04-03 | 2.1 LOW | N/A |
| GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results. |
| CVE-2006-0606 | 1 Unknown Domain | 1 Shoutbox | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. |
| CVE-2005-2960 | 2 Debian, Gnu | 2 Debian Linux, Cfengine | 2025-04-03 | 2.1 LOW | N/A |
| cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. |
| CVE-2005-2097 | 2 Kde, Xpdf | 2 Kpdf, Xpdf | 2025-04-03 | 2.1 LOW | N/A |
| xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information. |
| CVE-2006-3704 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4. |
| CVE-2000-0234 | 1 Sun | 2 Cobalt Raq 2, Cobalt Raq 3i | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file. |
| CVE-2004-1611 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2025-04-03 | 5.1 MEDIUM | N/A |
| SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707. |
| CVE-1999-0262 | 1 Renaud Deraison | 1 Faxsurvey | 2025-04-03 | 7.5 HIGH | N/A |
| Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. |
| CVE-2006-1544 | 1 Vscripts | 1 Vnews | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in news.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorkomentarza and (2) tresckomentarza parameters. |
| CVE-1999-0990 | 1 Gnome | 1 Gdm | 2025-04-03 | 2.1 LOW | N/A |
| Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system. |
| CVE-2006-4803 | 1 Netiq | 1 Identity Manager | 2025-04-03 | 7.2 HIGH | N/A |
| The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection." |
| CVE-2005-0965 | 1 Rob Flynn | 1 Gaim | 2025-04-03 | 5.0 MEDIUM | N/A |
| The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read. |
| CVE-2000-0644 | 1 Texas Imperial Software | 1 Wftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing. |
| CVE-2005-4689 | 1 Six Apart | 1 Movable Type | 2025-04-03 | 5.0 MEDIUM | N/A |
| Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie. |
| CVE-2005-3071 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
| Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS. |
| CVE-2003-0936 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | 7.2 HIGH | N/A |
| Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe. |
| CVE-2006-2893 | 1 Gantty | 1 Gantty | 2025-04-03 | 5.0 MEDIUM | N/A |
| index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action. |
| CVE-2002-0232 | 1 Mrtg | 1 Multi Router Traffic Grapher Cgi | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi. |
| CVE-1999-1200 | 1 Vintra Systems | 1 Smtp Mailserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| Vintra SMTP MailServer allows remote attackers to cause a denial of service via a malformed "EXPN *@" command. |
| CVE-2006-0168 | 1 Myphpim | 1 Myphpim | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrary web script or HTML via the description field on the "Create New todo" page. |
| CVE-1999-0551 | 1 Hp | 1 Openmail | 2025-04-03 | 4.6 MEDIUM | N/A |
| HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests. |
| CVE-2000-0073 | 1 Microsoft | 3 Windows 2000, Windows 98, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word. |
| CVE-2005-4336 | 1 Courseforum | 1 Projectforum | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) fwd parameter in admin/adminsignin.html and (2) originalpageid parameter in admin/newpage.html associated with a group. |
| CVE-2004-2629 | 1 First Virtual Communications | 4 Click To Meet Express, Click To Meet Premier, Conference Server and 1 more | 2025-04-03 | 7.8 HIGH | N/A |
| Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause a denial of service, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. |
| CVE-1999-0767 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable. |
| CVE-2006-0426 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges. |