Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0417 | 1 Endymion | 1 Mailman Webmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs.
|
|||||
| CVE-2006-0478 | 1 Cre Loaded | 1 Cre Loaded | 2025-04-03 | 7.5 HIGH | N/A |
|
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with ...
Show More |
|||||
| CVE-2000-0574 | 2 Openbsd, Washington University | 2 Ftpd, Wu-ftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
|
|||||
| CVE-2002-1202 | 1 Compaq | 1 Tru64 | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files.
|
|||||
| CVE-2006-2946 | 1 Dmx Forum | 1 Dmx Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information.
|
|||||
| CVE-2006-2194 | 1 Point-to-point Protocol Project | 1 Point-to-point Protocol | 2025-04-03 | 7.2 HIGH | N/A |
|
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
|
|||||
| CVE-2002-1251 | 1 Log2mail | 1 Log2mail | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message.
|
|||||
| CVE-2006-4800 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
|
|||||
| CVE-2006-2236 | 1 Id Software | 4 Quake 3 Arena, Quake 3 Engine, Return To Castle Wolfenstein and 1 more | 2025-04-03 | 7.6 HIGH | N/A |
|
Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.
|
|||||
| CVE-2004-0989 | 5 Redhat, Trustix, Ubuntu and 2 more | 6 Fedora Core, Secure Linux, Ubuntu Linux and 3 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
|
|||||
| CVE-2004-0154 | 1 Nfs | 1 Nfs-utils | 2025-04-03 | 5.0 MEDIUM | N/A |
|
rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.
|
|||||
| CVE-2000-1062 | 1 Hp | 1 Jetdirect | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the FTP service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.
|
|||||
| CVE-2006-1642 | 1 Interact | 1 Interact | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named ve ...
Show More |
|||||
| CVE-1999-0210 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.
|
|||||
| CVE-2004-1309 | 1 Mplayer | 1 Unix Mplayer | 2025-04-03 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field.
|
|||||
| CVE-2002-1589 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).
|
|||||
| CVE-2001-0373 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
|
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
|
|||||
| CVE-2002-0453 | 1 Oblix | 1 Netpoint | 2025-04-03 | 7.5 HIGH | N/A |
|
The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again.
|
|||||
| CVE-1999-1153 | 1 Hamcards Postcard Cgi | 1 Hamcards Postcard Cgi | 2025-04-03 | 7.5 HIGH | N/A |
|
HAMcards Postcard CGI script 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.
|
|||||
| CVE-2002-0180 | 1 Bradford Barrett | 1 Webalizer | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname.
|
|||||
| CVE-2000-0370 | 1 Caldera | 1 Openlinux | 2025-04-03 | 10.0 HIGH | N/A |
|
The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.
|
|||||
| CVE-2004-2383 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios ar ...
Show More |
|||||
| CVE-2005-0533 | 1 Trend Micro | 15 Client-server-messaging Suite Smb, Client-server Suite Smb, Control Manager and 12 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.
|
|||||
| CVE-2006-3294 | 1 Cbsms | 1 Mambo Module | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
|
|||||
| CVE-2006-0172 | 1 Hummingbird | 1 Enterprise Collaboration | 2025-04-03 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting.
|
|||||
| CVE-2002-1093 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request.
|
|||||
| CVE-2001-0259 | 1 Ssh | 1 Ssh | 2025-04-03 | 3.6 LOW | N/A |
|
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file.
|
|||||
| CVE-2004-1835 | 1 Invision Power Services | 1 Invision Gallery | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters.
|
|||||
| CVE-2005-1096 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter.
|
|||||
| CVE-2001-1361 | 1 Twig Development Team | 1 Twig | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
|
|||||
| CVE-1999-0927 | 1 Gordano | 1 Ntmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2001-0751 | 1 Cisco | 1 Cbos | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.
|
|||||
| CVE-2003-0194 | 1 Redhat | 2 Linux, Tcpdump | 2025-04-03 | 4.6 MEDIUM | N/A |
|
tcpdump does not properly drop privileges to the pcap user when starting up.
|
|||||
| CVE-2005-4487 | 1 Ramsite | 1 R1 Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter.
|
|||||
| CVE-2002-1147 | 1 Hp | 1 Procurve Switch 4000m | 2025-04-03 | 7.1 HIGH | N/A |
|
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.
|
|||||
| CVE-2005-4641 | 1 Eazycms | 1 Eazycms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
|
|||||
| CVE-2006-0665 | 1 Mantis | 1 Mantis | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
|
|||||
| CVE-2004-1168 | 1 Mysql | 1 Maxdb | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header.
|
|||||
| CVE-2006-2746 | 1 Facile Interactive Web | 1 Facile Interactive Web | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.
|
|||||
| CVE-2006-4884 | 1 Idevspot | 1 Isupport | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||