Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-1972 | 1 Interactivephp | 1 Fusionbb | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 Beta and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username, which is not properly handled by the insertUser function, or (2) the bb_session_id value in a cookie. |
| CVE-2005-2503 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A | AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window. |
| CVE-2002-2114 | 1 Netjuke | 1 Netjuke | 2025-04-03 | 7.5 HIGH | N/A | Artekopia Netjuke before 1.0 b7 allows remote attackers to execute arbitrary code on the web server, possibly via the section parameter, which is passed to an eval call. |
| CVE-2005-1729 | 1 Novell | 1 Edirectory | 2025-04-03 | 5.0 MEDIUM | N/A | Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1. |
| CVE-2004-1854 | 1 Picophone | 1 Internet Telephone | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet. |
| CVE-2005-0390 | 1 Axel | 1 Axel | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code. |
| CVE-2004-0899 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability." |
| CVE-2005-1454 | 1 Freeradius | 1 Freeradius | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries. |
| CVE-1999-1489 | 1 Slackware | 1 Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in TestChip function in XFree86 SuperProbe in Slackware Linux 3.1 allows local users to gain root privileges via a long -nopr argument. |
| CVE-2000-0372 | 1 Caldera | 1 Openlinux | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges. |
| CVE-2006-4121 | 1 See-commerce | 1 See-commerce | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| CVE-2006-4485 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A | The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read. |
| CVE-2005-3430 | 1 Rockliffe | 1 Mailsite Express | 2025-04-03 | 7.5 HIGH | N/A | Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension. |
| CVE-2000-0367 | 1 Michael Jennings | 1 Eterm | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges. |
| CVE-1999-1433 | 1 Hp | 1 Jetadmin | 2025-04-03 | 7.2 HIGH | N/A | HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file. |
| CVE-2004-0270 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 5.0 MEDIUM | N/A | libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program. |
| CVE-2001-1012 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/. |
| CVE-2006-4557 | 1 Robert Jewell | 1 Discloser | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis concurs with the dispute |
| CVE-2006-0934 | 1 Limbo Cms | 1 Limbo Cms | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the message field in the Contact Form. |
| CVE-2005-4626 | 1 Recruitment Software | 1 Recruitment Software | 2025-04-03 | 5.0 MEDIUM | N/A | The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request. |
| CVE-2002-2284 | 1 Netscape | 1 Communicator | 2025-04-03 | 6.4 MEDIUM | N/A | Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes. |
| CVE-2006-1195 | 1 Enet | 1 Enet Library | 2025-04-03 | 5.0 MEDIUM | N/A | The enet_protocol_handle_send_fragment function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet fragment with a large total data size, which triggers an application abort when memory allocation fails. |
| CVE-2004-0539 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 10.0 HIGH | N/A | The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code. |
| CVE-1999-0943 | 1 Openlink | 1 Openlink | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator. |
| CVE-2004-2599 | 1 Id Software | 1 Quake Ii Server | 2025-04-03 | 2.1 LOW | N/A | Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon. |
| CVE-2005-2797 | 1 Openbsd | 1 Openssh | 2025-04-03 | 5.0 MEDIUM | N/A | OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. |
| CVE-2006-4723 | 1 Raidenhttpd | 1 Raidenhttpd | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter. |
| CVE-2006-1376 | 1 Debian | 1 Debian Linux | 2025-04-03 | 2.1 LOW | N/A | The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption). |
| CVE-2004-1634 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A | show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information. |
| CVE-1999-0032 | 5 Bsdi, Freebsd, Next and 2 more | 5 Bsd Os, Freebsd, Nextstep and 2 more | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. |
| CVE-2006-0247 | 1 Netbula | 1 Anyboard | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula Anyboard 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tK parameter in a find command. |
| CVE-2001-1108 | 1 Snapstream | 1 Pvs | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL. |
| CVE-2005-1516 | 1 Netwin | 1 Dmail | 2025-04-03 | 7.5 HIGH | N/A | DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function. |
| CVE-2006-0943 | 1 Pwsphp | 1 Pwsphp | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the sondages module in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2002-1005 | 1 Argosoft | 1 Argosoft Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A | ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop. |
| CVE-2002-2007 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A | The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages. |
| CVE-1999-0254 | 1 Sun | 1 Solaris | 2025-04-03 | 10.0 HIGH | N/A | A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. |
| CVE-1999-0654 | | | 2025-04-03 | 10.0 HIGH | N/A | The OS/2 or POSIX subsystem in NT is enabled. |
| CVE-2006-0433 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.0 MEDIUM | N/A | Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop). |
| CVE-2006-4110 | 1 Apache | 1 Http Server | 2025-04-03 | 4.3 MEDIUM | N/A | Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. |