Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-0478 | 1 Trackercam | 1 Trackercam | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script. |
| CVE-2004-1949 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module. |
| CVE-2005-3854 | 1 Easypagecms | 1 Easypagecms | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter. |
| CVE-2002-1627 | 1 Mike Spice | 1 Quiz Me | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! before 0.6 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the quiz parameter. |
| CVE-2006-0667 | 1 Ibm | 1 Aix | 2025-04-03 | 4.6 MEDIUM | N/A | lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack. |
| CVE-2006-0798 | 1 Macallan | 1 Mail Solution | 2025-04-03 | 5.5 MEDIUM | N/A | Multiple directory traversal vulnerabilities in the IMAP service in Macallan Mail Solution before 4.8.05.004 allow remote authenticated users to read e-mails of other users or create, modify, or delete directories via a .. (dot dot) in the argument to the (1) CREATE, (2) SELECT, (3) DELETE, or (4) RENAME commands. |
| CVE-2006-4460 | 1 Clemens Wacha | 1 Php Iaddressbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2001-1221 | 1 D-link | 1 Dwl-1000ap | 2025-04-03 | 5.0 MEDIUM | N/A | D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information. |
| CVE-2000-0959 | 1 Gnu | 1 Glibc | 2025-04-03 | 1.2 LOW | N/A | glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. |
| CVE-2000-0384 | 1 Intel | 2 Netstructure 7110, Netstructure 7180 | 2025-04-03 | 10.0 HIGH | N/A | NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access. |
| CVE-2004-0780 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument. |
| CVE-2002-0375 | 1 Ecometry | 1 Sgdynamo | 2025-04-03 | 5.0 MEDIUM | N/A | Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter. |
| CVE-2005-2457 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A | The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system. |
| CVE-2000-1190 | 1 Jon Atkins | 1 Imwheel | 2025-04-03 | 2.1 LOW | N/A | imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file. |
| CVE-2005-1256 | 1 Ipswitch | 3 Imail, Imail Server, Ipswitch Collaboration Suite | 2025-04-03 | 10.0 HIGH | N/A | Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name. |
| CVE-1999-0314 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A | ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. |
| CVE-2003-0003 | 1 Microsoft | 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. |
| CVE-2001-1548 | 1 Zonelabs | 1 Zonealarm | 2025-04-03 | 2.1 LOW | N/A | ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters. |
| CVE-2002-0310 | 1 Netwin | 1 Webnews | 2025-04-03 | 7.5 HIGH | N/A | Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879. |
| CVE-2006-4213 | 1 David Kent Norman | 1 Thatware | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. |
| CVE-2006-0542 | 1 Nukedweb | 1 Guestbookhost | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters. |
| CVE-2001-1484 | 1 Alcatel | 2 Adsl Modem 1000, Speed Touch Adsl Modem | 2025-04-03 | 7.5 HIGH | N/A | Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. |
| CVE-2006-3725 | 1 Symantec | 1 Norton Personal Firewall | 2025-04-03 | 2.1 LOW | N/A | Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc and (2) HKLM\SYSTEM\CurrentControlSet\Services\SymEvent registry keys. |
| CVE-2004-1870 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php. |
| CVE-2001-0070 | 1 Upland Solutions | 1 1st Up Mail Server | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long MAIL FROM command. |
| CVE-2005-2190 | 1 Comersus Open Technologies | 1 Comersus Cart | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. |
| CVE-2005-4433 | 1 Esselbach Internet Solutions | 1 Esselbach Storyteller Cms | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remote attackers to inject arbitrary web script or HTML via the query parameter, which is used by the Search field. |
| CVE-1999-0996 | 1 Infoseek | 1 Ultraseek Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request. |
| CVE-2005-2550 | 1 Gnome | 1 Evolution | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. |
| CVE-2004-2563 | 1 Serena Software | 1 Serena Teamtrack | 2025-04-03 | 5.8 MEDIUM | N/A | Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters. |
| CVE-2003-1020 | 2 Irssi, Mandrakesoft | 2 Irssi, Mandrake Linux | 2025-04-03 | 5.0 MEDIUM | N/A | The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash). |
| CVE-2002-0549 | 1 Anthill | 1 Anthill | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerabilities in Anthill allow remote attackers to execute script as other Anthill users. |
| CVE-2006-1441 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A | Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding. |
| CVE-2004-1765 | 1 Mod Security | 1 Mod Security | 2025-04-03 | 7.5 HIGH | N/A | Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests. |
| CVE-2006-0994 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-03 | 7.5 HIGH | N/A | Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption. |
| CVE-2005-2489 | 1 Web Content Management | 1 Web Content Management News System | 2025-04-03 | 7.5 HIGH | N/A | Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php. |
| CVE-2000-0037 | 1 Great Circle Associates | 1 Majordomo | 2025-04-03 | 4.6 MEDIUM | N/A | Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. |
| CVE-2004-1116 | 1 Gentoo | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A | The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. |
| CVE-2001-1273 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt). |
| CVE-2001-0156 | 1 Van Dyke Technologies | 1 Vshell | 2025-04-03 | 2.1 LOW | N/A | VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems. |