Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2450 | 1 Gamespy | 4 Roger Wilco, Roger Wilco Dedicated Server, Roger Wilco Graphical Server and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2001-0706 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2025-04-03 | 2.1 LOW | N/A |
|
Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders.
|
|||||
| CVE-2006-0918 | 1 Ritlabs | 1 The Bat | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to execute arbitrary code via a long Subject field.
|
|||||
| CVE-2003-0277 | 1 Happycgi | 1 Happymall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter.
|
|||||
| CVE-2006-4547 | 1 Lyris | 1 List Manager | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection.
|
|||||
| CVE-2005-0784 | 1 Phorum | 1 Phorum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel.
|
|||||
| CVE-2001-0934 | 1 Cooolsoft | 1 Powerftp | 2025-04-03 | 7.5 HIGH | N/A |
|
Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname.
|
|||||
| CVE-2006-0430 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown).
|
|||||
| CVE-2006-1813 | 1 Phpwebftp | 1 Phpwebftp | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter.
|
|||||
| CVE-2005-0329 | 1 Zipgenius | 1 Zipgenius | 2025-04-03 | 2.6 LOW | N/A |
|
Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences.
|
|||||
| CVE-2006-0009 | 1 Microsoft | 2 Office, Works | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
|
|||||
| CVE-2006-4255 | 1 Horde | 2 Horde, Imp | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.
|
|||||
| CVE-2006-2552 | 1 Jemscripts | 1 Downloadcontrol | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php.
|
|||||
| CVE-2006-2170 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer.
|
|||||
| CVE-1999-1569 | 1 Id Software | 1 Quake | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server's player limit.
|
|||||
| CVE-2001-1468 | 1 Secure Reality | 1 Phpsecurepages | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code.
|
|||||
| CVE-2005-1290 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.
|
|||||
| CVE-1999-1284 | 1 Puppets Place | 1 Nukenabber | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection.
|
|||||
| CVE-2006-2430 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 10.0 HIGH | N/A |
|
IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.
|
|||||
| CVE-2002-0668 | 1 Pingtel | 1 Xpressa | 2025-04-03 | 7.5 HIGH | N/A |
|
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.
|
|||||
| CVE-2006-2303 | 1 Mirabilis | 1 Icq | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object.
|
|||||
| CVE-2000-0462 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A |
|
ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.
|
|||||
| CVE-2002-1106 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.
|
|||||
| CVE-2006-2411 | 1 Raydium | 1 Raydium | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables to the client.
|
|||||
| CVE-2001-0913 | 1 Network Solutions | 1 Rwhoisd | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and earlier, when using syslog, allows remote attackers to corrupt memory and possibly execute arbitrary code via a rwhois request that contains format specifiers.
|
|||||
| CVE-2006-0125 | 1 Appserv Open Project | 1 Appserv | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. There is not enough detail from these third party sources to know whether this is directory traversal, remote file include, or another issue.
|
|||||
| CVE-2001-0523 | 1 Eeye Digital Security | 2 Secureiis, Securells | 2025-04-03 | 7.5 HIGH | N/A |
|
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.
|
|||||
| CVE-2002-1230 | 1 Microsoft | 2 Windows 2000, Windows 2000 Terminal Services | 2025-04-03 | 4.6 MEDIUM | N/A |
|
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
|
|||||
| CVE-2006-2366 | 1 Openobex | 1 Openobex | 2025-04-03 | 2.6 LOW | N/A |
|
ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session.
|
|||||
| CVE-2005-4139 | 1 Thwboard | 1 Thwboard Beta | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.
|
|||||
| CVE-2004-2343 | 1 Apache | 1 Http Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument
|
|||||
| CVE-2006-1393 | 1 University Of Washington | 1 Pubcookie | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
|
|||||
| CVE-2004-0536 | 1 Tripwire | 1 Tripwire | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
|
|||||
| CVE-1999-0330 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
|
Linux bdash game has a buffer overflow that allows local users to gain root access.
|
|||||
| CVE-2006-3913 | 1 Freeciv | 1 Freeciv | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.
|
|||||
| CVE-2005-1059 | 1 Linksys | 1 Wet11 | 2025-04-03 | 2.1 LOW | N/A |
|
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.
|
|||||
| CVE-2005-0651 | 1 Projectbb | 1 Projectbb | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as "drivers.php" by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5) City, (6) Homepage, (7) ICQ, (8) AOL, (9) Yahoo!, (10) MSN, or (11) e-mail fields in the profile feature or (12) the new field in the moderator section.
|
|||||
| CVE-2002-1056 | 1 Microsoft | 2 Outlook, Word | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
|
|||||
| CVE-2001-1175 | 1 Andries Brouwer | 1 Util-linux | 2025-04-03 | 7.2 HIGH | N/A |
|
vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.
|
|||||
| CVE-2001-1199 | 1 Steve Kneizys | 1 Agora.cgi | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.
|
|||||