Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0145 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.
|
|||||
| CVE-2000-0583 | 1 Inter7 | 1 Vpopmail Vchkpw | 2025-04-03 | 5.0 MEDIUM | N/A |
|
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.
|
|||||
| CVE-2004-0215 | 2 Avaya, Microsoft | 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
|
|||||
| CVE-2006-1679 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php.
|
|||||
| CVE-2006-1856 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.5 HIGH | N/A |
|
Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions.
|
|||||
| CVE-2005-0023 | 1 Gnome | 2 Libvte4, Libzvt2 | 2025-04-03 | 2.1 LOW | N/A |
|
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
|
|||||
| CVE-2002-1597 | 1 Cisco | 1 Sn 5420 Storage Router Firmware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (halt) via a fragmented packet to the Gigabit interface.
|
|||||
| CVE-2002-2156 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response.
|
|||||
| CVE-2005-1663 | 1 Jeuce | 1 Jeuce Personal Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with "://".
|
|||||
| CVE-2002-1732 | 1 Actinic | 1 Actinic Catalog | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog 4.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string argument to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) PRODREF parameter to ss000007.pl, or (4) hop parameter to ca000001.pl.
|
|||||
| CVE-2000-0640 | 1 Steve Poulsen | 1 Guildftpd | 2025-04-03 | 7.5 HIGH | N/A |
|
Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not.
|
|||||
| CVE-2003-1002 | 1 Cisco | 9 Catalyst 6500, Catalyst 6500 Ws-svc-nam-1, Catalyst 6500 Ws-svc-nam-2 and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
|
|||||
| CVE-2004-1921 | 1 X-micro | 1 Wlan 11b Broadband Router Firmware | 2025-04-03 | 7.5 HIGH | N/A |
|
X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access.
|
|||||
| CVE-2003-0448 | 1 Aboleo.net | 1 Portmon | 2025-04-03 | 3.6 LOW | N/A |
|
Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options.
|
|||||
| CVE-2006-2961 | 1 Aclogic | 1 Cesarftp | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2006-4662 | 1 Mirabilis | 1 Icq | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
|
|||||
| CVE-2003-0151 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
|
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
|
|||||
| CVE-2006-2182 | 1 Albinator | 1 Albinator | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter.
|
|||||
| CVE-2003-1124 | 1 Sun | 1 Management\+center | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files.
|
|||||
| CVE-2001-1150 | 1 Trend Micro | 2 Officescan, Virus Buster | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
|
|||||
| CVE-2006-1975 | 1 Stadtaus.com | 1 Php-gastebuch | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in PHP-Gastebuch 1.61 allows remote attackers to inject arbitrary web script or HTML via the Kommentar field.
|
|||||
| CVE-2002-0264 | 1 Cooolsoft | 1 Powerftp | 2025-04-03 | 7.5 HIGH | N/A |
|
PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive account information in plaintext in the ftpserver.ini file, which allows attackers with access to the file to gain privileges.
|
|||||
| CVE-2002-1854 | 1 Rlaj | 1 Rlaj Whois | 2025-04-03 | 10.0 HIGH | N/A |
|
Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field.
|
|||||
| CVE-2005-2191 | 1 Comersus Open Technologies | 1 Comersus Cart | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp.
|
|||||
| CVE-1999-1074 | 1 Webmin | 1 Webmin | 2025-04-03 | 7.5 HIGH | N/A |
|
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.
|
|||||
| CVE-2006-0488 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
|
The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm.
|
|||||
| CVE-2002-2398 | 1 App | 1 Apboard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter.
|
|||||
| CVE-2003-0316 | 1 Fourelle Venturi Wireless | 1 Venturi Client | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers.
|
|||||
| CVE-2006-0441 | 1 Karjasoft | 1 Sami Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
|
|||||
| CVE-2006-3781 | 1 Sun | 1 Solaris | 2025-04-03 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.
|
|||||
| CVE-2001-0915 | 1 Berkeley | 1 Pmake | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition.
|
|||||
| CVE-2001-0920 | 1 Patrick Schemitz | 1 Autonice Daemon | 2025-04-03 | 6.2 MEDIUM | N/A |
|
Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string.
|
|||||
| CVE-2005-1521 | 1 Gnu | 1 Mailutils | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.
|
|||||
| CVE-2006-1041 | 1 Gregarius | 1 Gregarius | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_query parameter to search.php or (2) tag parameter to tags.php.
|
|||||
| CVE-2001-0367 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters.
|
|||||
| CVE-2005-3551 | 1 Toenda Software Development | 1 Toendacms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file.
|
|||||
| CVE-2001-0317 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 3.7 LOW | N/A |
|
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.
|
|||||
| CVE-2005-1007 | 1 Stalker | 1 Communigate Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the LIST functionality in CommuniGate Pro before 4.3c3 allows remote attackers to cause a denial of service (server crash) via certain multipart messages.
|
|||||
| CVE-2004-0676 | 1 Fastream | 1 Netfile Ftp Web Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter.
|
|||||
| CVE-2004-0503 | 1 Microsoft | 1 Outlook | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
|
|||||