Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2006 | 1 Ivan Zahariev | 1 Izarc | 2025-04-03 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2006-3259 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).
| CVE-2005-0960 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c OpenBSD 3.5 and 3.6 allow remote attackers to cause a denial of service (memory exhaustion or system crash).
| CVE-2001-0005 | 1 Microsoft | 1 Powerpoint | 2025-04-03 | 6.2 MEDIUM | N/A |
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
| CVE-2005-0105 | 1 Typespeed | 1 Typespeed | 2025-04-03 | 4.6 MEDIUM | N/A |
Unknown vulnerability in typespeed 0.4.1 and earlier allows local users to gain privileges.
| CVE-2001-0733 | 1 Ralf S. Engelschall | 1 Eperl | 2025-04-03 | 7.5 HIGH | N/A |
The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.
| CVE-1999-1438 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local users to gain root privileges via certain command line arguments.
| CVE-2001-1269 | 1 Info-zip | 1 Unzip | 2025-04-03 | 2.1 LOW | N/A |
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
| CVE-2005-1303 | 1 Citat.pl | 1 Citat.pl | 2025-04-03 | 7.5 HIGH | N/A |
The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.
| CVE-2002-2224 | 1 Network Associates | 1 Pgp Freeware | 2025-04-03 | 5.1 MEDIUM | N/A |
Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload.
| CVE-2004-1035 | 1 Imap Proxy | 1 Imap Proxy | 2025-04-03 | 6.4 MEDIUM | N/A |
Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, (3) request.c, and (4) select.c for up-imapproxy IMAP proxy 1.2.2 allow remote attackers to cause a denial of service (server crash) and possibly leak sensitive information via certain literal values that are not properly handled when using the IMAP_Line_Read function.
| CVE-2004-2388 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.
| CVE-1999-0053 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.0 MEDIUM | N/A |
TCP RST denial of service in FreeBSD.
| CVE-2004-1522 | 1 3do | 1 Army Men Real Time Strategy Game | 2025-04-03 | 5.0 MEDIUM | N/A |
Format string vulnerability in Army Men RTS 1.0 allows remote attackers to cause a denial of service (application crash) via a nickname that contains format strings.
| CVE-2001-1567 | 1 Ibm | 2 Lotus Domino, Lotus Domino Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.
| CVE-1999-0445 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.
| CVE-2001-0067 | 1 Judd Montgomery | 1 Jpilot | 2025-04-03 | 2.1 LOW | N/A |
The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.
| CVE-2002-0658 | 1 Ossp | 1 Mm | 2025-04-03 | 6.2 MEDIUM | N/A |
OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| CVE-2002-1118 | 1 Oracle | 2 Oracle8i, Oracle9i | 2025-04-03 | 5.0 MEDIUM | N/A |
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
| CVE-2004-2112 | 1 Herberlin | 1 Bremsserver | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL.
| CVE-2005-2093 | 1 Oracle | 1 Application Server | 2025-04-03 | 4.3 MEDIUM | N/A |
Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| CVE-2006-2160 | 1 Russcom Network | 1 Loginphp | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering.
| CVE-2006-0380 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory.
| CVE-2006-3516 | 1 Freehost | 1 Freehost | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php.
| CVE-1999-0866 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflow in UnixWare xauto program allows local users to gain root privilege.
| CVE-2001-0947 | 1 Valicert | 1 Enterprise Validation Authority | 2025-04-03 | 7.5 HIGH | N/A |
Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.
| CVE-1999-0259 | 1 Infodrom | 1 Cfingerd | 2025-04-03 | 5.0 MEDIUM | N/A |
cfingerd lists all users on a system via search.**@target.
| CVE-2006-2153 | 1 Jbmc Software | 1 Directadmin | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
| CVE-2004-2630 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 7.5 HIGH | N/A |
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
| CVE-2004-1421 | 1 Whm | 1 Whm Autopilot | 2025-04-03 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, (2) step_one_tables.php, (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code.
| CVE-2001-0605 | 1 Headlight Software | 1 Mygetright | 2025-04-03 | 7.5 HIGH | N/A |
Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data.
| CVE-1999-1169 | 1 Flavio Veloso | 1 Nobo | 2025-04-03 | 5.0 MEDIUM | N/A |
nobo 1.2 allows remote attackers to cause a denial of service (crash) via a series of large UDP packets.
| CVE-2005-2480 | 1 Macromedia | 1 Coldfusion Fusebox | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.
| CVE-2003-0878 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875.
| CVE-2002-0617 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 5.1 MEDIUM | N/A |
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
| CVE-2005-1520 | 1 Gnu | 1 Mailutils | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.
| CVE-2005-2603 | 1 My Image Gallery | 1 My Image Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters.
| CVE-2006-0965 | 1 Ncp Network Communications | 1 Secure Client | 2025-04-03 | 4.6 MEDIUM | N/A |
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a buffer overflow.
| CVE-2002-1822 | 1 Ibm | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error message when a request is made for a non-existent Java Server Page (JSP).
| CVE-2004-0984 | 1 Gnu | 1 Mailutils | 2025-04-03 | 7.2 HIGH | N/A |
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.