Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-1260 | 1 Globalscape | 1 Cuteftp | 2025-04-03 | 7.6 HIGH | N/A | Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command. |
| CVE-2003-0644 | 1 Johannes Sixt | 1 Kdbg | 2025-04-03 | 4.6 MEDIUM | N/A | Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands. |
| CVE-2001-1094 | 1 Crosstec Corporation | 1 Netop School | 2025-04-03 | 4.6 MEDIUM | N/A | NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version. |
| CVE-2006-0494 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A | Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter. |
| CVE-2006-4990 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, ... |
| CVE-2005-2397 | 1 Gnu | 1 Phpbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook 1.46 allows remote attackers to inject arbitrary web script or HTML via the admin parameter. |
| CVE-1999-0793 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A | Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. |
| CVE-2002-1629 | 1 Multi-tech | 1 Proxyserver | 2025-04-03 | 10.0 HIGH | N/A | Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, MTPSR2-201, and MTPSR3-200 ship with a null password, which allows remote attackers to gain administrative privileges via Telnet or HTTP. |
| CVE-2005-0630 | 1 Pblang | 1 Pblang | 2025-04-03 | 2.1 LOW | N/A | sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter. |
| CVE-2005-4083 | 1 Phpbb Styles | 1 Extreme Styles Phpbb Module | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in xs_edit.php in the eXtreme Styles phpBB module 2.2.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the edit parameter. |
| CVE-2003-0580 | 1 Ibm | 1 U2 Universe | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument. |
| CVE-2001-0907 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link. |
| CVE-2005-1558 | 1 Neteyes | 1 Nexusway | 2025-04-03 | 7.5 HIGH | N/A | The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie. |
| CVE-2004-0149 | 1 Xboing | 1 Xboing | 2025-04-03 | 4.6 MEDIUM | N/A | Multiple buffer overflows in xboing before 2.4 allow local users to gain privileges. |
| CVE-2005-4691 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A | imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page. |
| CVE-1999-1356 | 1 Compaq | 1 Smartstart | 2025-04-03 | 4.6 MEDIUM | N/A | Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy. |
| CVE-2000-1111 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A | Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input. |
| CVE-2005-1452 | 1 S9y | 1 Serendipity | 2025-04-03 | 10.0 HIGH | N/A | Serendipity before 0.8 allows Chief users to "hide plugins installed by other users." |
| CVE-1999-0801 | 1 Bmc | 1 Patrol Agent | 2025-04-03 | 10.0 HIGH | N/A | BMC Patrol allows remote attackers to gain access to an agent by spoofing frames. |
| CVE-2004-2329 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | 7.2 HIGH | N/A | Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box. |
| CVE-2004-1105 | 1 Nortel | 1 Contivity | 2025-04-03 | 5.0 MEDIUM | N/A | Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. |
| CVE-2002-1737 | 1 Astaro | 1 Security Linux | 2025-04-03 | 2.1 LOW | N/A | Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files. |
| CVE-2001-1000 | 1 Merit | 1 Aaa Radius Server | 2025-04-03 | 2.1 LOW | N/A | rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file. |
| CVE-2005-4372 | 1 Liquid Bytes Technologies | 1 Adaptive Website Framework | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2005-2329 | 1 Mrv Communications | 3 In Reach Lx 1000s, In Reach Lx 4000s, In Reach Lx 8000s | 2025-04-03 | 4.6 MEDIUM | N/A | MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, when using SSH public key authentication, does not properly restrict access to ports, which allows remote authenticated users to access the consoles of other users. |
| CVE-2003-0166 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A | Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions. |
| CVE-2004-0116 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A | An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. |
| CVE-2001-0047 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.5 HIGH | N/A | The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities. |
| CVE-2005-0238 | 4 Gnome, Mozilla, Omnigroup and 1 more | 5 Epiphany, Camino, Mozilla and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A | The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. |
| CVE-2003-0476 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. |
| CVE-1999-1530 | 1 Sun | 2 Cobalt Raq 2, Cobalt Raq 3i | 2025-04-03 | 3.6 LOW | N/A | cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system. |
| CVE-2004-1637 | 1 Hawking Technology | 1 Har11a Dsl Router | 2025-04-03 | 7.5 HIGH | N/A | The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections. |
| CVE-2005-4435 | 1 Abledesign | 1 D-man | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2002-1154 | 1 Stephen Turner | 1 Analog | 2025-04-03 | 5.0 MEDIUM | N/A | anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log. |
| CVE-2006-3640 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." |
| CVE-2002-2127 | 1 Pedestal Software | 1 Integrity Protection Driver | 2025-04-03 | 2.1 LOW | N/A | Integrity Protection Driver (IPD) 1.2 and earlier blocks access to \Device\PhysicalMemory by its name, which could allow local privileged processes to overwrite kernel memory by accessing the device through a symlink. |
| CVE-2005-1079 | 1 Mike De Boer | 1 Zoom Media Gallery | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-1999-0358 | 1 Digital | 1 Unix | 2025-04-03 | 7.2 HIGH | N/A | Digital Unix 4.0 has a buffer overflow in the inc program of the mh package. |
| CVE-2001-1566 | 2 Vanessa, Verge | 2 Vanessa Logger, Perdition | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the __vanessa_logger_log function. |
| CVE-2006-0641 | 1 Orbicule | 1 Undercover | 2025-04-03 | 2.6 LOW | N/A | Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of sensitive information to an unintended remote destination. |