Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-0816 | 1 Motorola | 1 Motorola Cablerouter | 2025-04-03 | 10.0 HIGH | N/A | The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024. |
| CVE-2006-1156 | 1 Manas Tungare | 1 Site Membership Script | 2025-04-03 | 5.0 MEDIUM | N/A | SQL injection vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. |
| CVE-2005-0009 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash). |
| CVE-2005-2540 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request. |
| CVE-2002-0679 | 6 Caldera, Compaq, Hp and 3 more | 8 Openunix, Unixware, Tru64 and 5 more | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure. |
| CVE-2006-1139 | 1 Xerox | 12 Copycentre C65, Copycentre C65 Firmware, Copycentre C75 and 9 more | 2025-04-03 | 6.4 MEDIUM | N/A | Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack. |
| CVE-2001-1350 | 1 Namazu | 1 Namazu | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter. |
| CVE-2005-3165 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) `<math>` tags or (2) Extension or `<nowiki>` sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients. |
| CVE-2005-1724 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A | NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the -network or -mask flags for a filesystem and exports it to everyone, which allows remote attackers to bypass intended access restrictions. |
| CVE-2004-0597 | 2 Greg Roelofs, Microsoft | 6 Libpng, Msn Messenger, Windows 98se and 3 more | 2025-04-03 | 10.0 HIGH | N/A | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. |
| CVE-2005-0570 | 1 Punbb | 1 Punbb | 2025-04-03 | 5.0 MEDIUM | N/A | profile.php in PunBB 1.2.1 allows remote attackers to cause a denial of service (account lockout) by setting the user's password to NULL. |
| CVE-2000-0441 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A | Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. |
| CVE-2005-1054 | 1 Moderngigabyte | 1 Modernbill | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code. |
| CVE-2005-3776 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system. |
| CVE-2002-0881 | 1 Cisco | 2 Skinny Client Control Protocol Software, Voip Phone Cp-7940 | 2025-04-03 | 2.1 LOW | N/A | Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings. |
| CVE-2002-0872 | 1 L2tpd | 1 L2tpd | 2025-04-03 | 7.5 HIGH | N/A | l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions. |
| CVE-2000-0900 | 1 Acme Labs | 1 Thttpd | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack. |
| CVE-2005-0048 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability." |
| CVE-2001-0038 | 1 Metaproducts | 1 Offline Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL. |
| CVE-2000-1068 | 1 Cgi-world | 2 Poll It, Poll It Pro | 2025-04-03 | 10.0 HIGH | N/A | pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter. |
| CVE-2000-0739 | 1 Network Associates | 1 Net Tools Pki Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server. |
| CVE-2006-1029 | 1 Joomla | 1 Joomla | 2025-04-03 | 4.3 MEDIUM | N/A | The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "`<<>AAA<><>`", possibly due to nested or empty tags. |
| CVE-2005-4527 | 1 Direct News | 1 Direct News | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters. |
| CVE-2006-2168 | 1 Fileprotection Express | 1 Fileprotection Express | 2025-04-03 | 7.5 HIGH | N/A | FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1. |
| CVE-2005-1981 | 1 Microsoft | 2 Windows 2000, Windows 2003 Server | 2025-04-03 | 2.1 LOW | N/A | Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message. |
| CVE-2005-1822 | 1 Qualiteam | 1 X-cart | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php. |
| CVE-2005-0858 | 1 Coolforum | 1 Coolforum | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php. |
| CVE-1999-0403 | 1 Cyrix | 1 Linux | 2025-04-03 | 5.0 MEDIUM | N/A | A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. |
| CVE-2000-0868 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A | The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. |
| CVE-2006-0521 | 1 Browsercrm | 1 Browsercrm | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated using an IMG SRC tag. |
| CVE-2001-0863 | 1 Cisco | 1 12000 Router | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments. |
| CVE-2000-0067 | 1 Cybercash | 1 Merchant Connection Kit | 2025-04-03 | 2.1 LOW | N/A | CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack. |
| CVE-2006-0598 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file. |
| CVE-1999-0120 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. |
| CVE-2005-2864 | 1 Urban | 1 Urban | 2025-04-03 | 2.1 LOW | N/A | URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files. |
| CVE-2004-1123 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte. |
| CVE-2002-2036 | 1 Sun | 1 Ray Server Software | 2025-04-03 | 7.5 HIGH | N/A | Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client. |
| CVE-2001-1117 | 1 Linksys | 1 Befsr41 | 2025-04-03 | 5.0 MEDIUM | N/A | LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm. |
| CVE-2002-0746 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A | Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument. |
| CVE-2001-0352 | 2 3com, Symbol | 2 3crwe747a, 41x1 Access Point | 2025-04-03 | 5.0 MEDIUM | N/A | SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point allow remote attackers to obtain the WEP encryption key by reading it from a MIB when the value should be write-only, via (1) dot11WEPDefaultKeyValue in the dot11WEPDefaultKeysTable of the IEEE 802.11b MIB, or (2) ap128bWepKeyValue in the ap128bWEPKeyTable in the Symbol MIB. |