Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2002-0240 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. |
| CVE-1999-0914 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the FTP client in the Debian GNU/Linux netstd package. |
| CVE-2001-0790 | 1 Specter | 1 Specter Ids | 2025-04-03 | 5.0 MEDIUM | N/A | Specter IDS versions 4.5 and 5.0 allow a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing alerts. |
| CVE-2006-3267 | 1 Infinite Core Technologies | 1 Ict | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Infinite Core Technologies (ICT) 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter. |
| CVE-2006-4648 | 1 Bingo News | 1 Bingo News | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter. |
| CVE-2006-3076 | 1 Phpbluedragon | 1 Phpbluedragon Cms | 2025-04-03 | 6.4 MEDIUM | N/A | PHP remote file inclusion vulnerability in software_upload/public_includes/pub_templates/vphptree/template.php in PhpBlueDragon CMS 2.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter. |
| CVE-2005-4869 | 1 Ibm | 1 Db2 | 2025-04-03 | 2.1 LOW | N/A | The (1) to_char and (2) to_date functions in IBM DB2 8.1 allow local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference. |
| CVE-2000-0667 | 1 Conectiva | 1 Linux | 2025-04-03 | 3.6 LOW | N/A | Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service. |
| CVE-2002-1148 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A | The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. |
| CVE-2005-4300 | 1 Libremail | 1 Libremail | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, when compiled with the debug option, allows remote attackers to execute arbitrary code via a crafted e-mail or POP server response. |
| CVE-1999-0837 | 2 Isc, Sun | 3 Bind, Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A | Denial of service in BIND by improperly closing TCP sessions via so_linger. |
| CVE-2006-4450 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.1 MEDIUM | N/A | usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request. |
| CVE-2006-3517 | 1 Rwscripts.com | 1 Rw Download | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in stats.php in RW::Download, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. |
| CVE-2003-0629 | 1 Peoplesoft | 1 Peopletools | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript. |
| CVE-2003-0149 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters. |
| CVE-2004-0308 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell. |
| CVE-2006-3682 | 1 Awstats | 1 Awstats | 2025-04-03 | 5.0 MEDIUM | N/A | awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters. |
| CVE-2004-1128 | 1 Youngzsoft | 1 Cmailserver | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long filename. |
| CVE-2006-3031 | 1 Fipsasp | 1 Fipscms | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index.asp in fipsCMS 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) w, (2) phcat, (3) dayid, and (4) calw parameters. |
| CVE-2005-0770 | 1 Datarescue | 1 Ida Pro | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in DataRescue Interactive Disassembler and Debugger (IDA) Pro 4.7.0.830 allows remote attackers or local users to cause a denial of service (CPU consumption or application crash) and possibly execute arbitrary code via format string specifiers in a dynamic link library (DLL) name. |
| CVE-2002-1640 | 1 Oracle | 1 Configurator | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allow remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet. |
| CVE-2004-0118 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.2 HIGH | N/A | The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code. |
| CVE-2006-4613 | 1 Securecomputing | 4 Snapgear Sg560, Snapgear Sg565, Snapgear Sg580 and 1 more | 2025-04-03 | 7.8 HIGH | N/A | Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018. |
| CVE-1999-1064 | 1 Windowmaker | 1 Windowmaker | 2025-04-03 | 10.0 HIGH | N/A | Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name (argv[0]). |
| CVE-2002-1581 | 2 Debian, Mailreader.com | 2 Debian Linux, Mailreader.com | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter. |
| CVE-2004-1570 | 1 Eaden Mckee | 1 Bblog | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter. |
| CVE-2002-1656 | 1 Xqus | 1 X-news | 2025-04-03 | 7.5 HIGH | N/A | X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie. |
| CVE-2005-0059 | 1 Microsoft | 4 Windows 2000, Windows 98, Windows 98se and 1 more | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message. |
| CVE-2006-4124 | 1 Lesstif | 1 Lesstif | 2025-04-03 | 4.6 MEDIUM | N/A | The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program. |
| CVE-1999-1586 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584. |
| CVE-2004-2309 | 1 Crob | 1 Crob Ftp Server | 2025-04-03 | 2.1 LOW | N/A | Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command. |
| CVE-2001-1181 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges. |
| CVE-2004-2542 | 1 Dynix | 1 Webpac | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored procedures, bypass login authentication, and cause an unspecified denial of service to backend databases. |
| CVE-2005-4842 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.1 HIGH | N/A | The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. |
| CVE-2006-0554 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 1.7 LOW | N/A | Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data. |
| CVE-2005-2159 | 1 Planetdns | 1 Planetfileserver | 2025-04-03 | 5.0 MEDIUM | N/A | mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote attackers to cause a denial of service (application crash) via a long request. |
| CVE-2002-0132 | 1 Chinput | 1 Chinput | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Chinput 3.0 allows local users to execute arbitrary code via a long HOME environment variable. |
| CVE-2006-3854 | 1 Ibm | 1 Informix Dynamic Database Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. NOTE: this issue is due to an incomplete fix for CVE-2006-3853. |
| CVE-2005-2153 | 1 Osticket | 1 Osticket Sts | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable. |
| CVE-2000-0397 | 1 Seattle Lab Software | 1 Emurl | 2025-04-03 | 5.0 MEDIUM | N/A | The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account. |