Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0179 | 1 Ibm | 2 Lotus Domino Web Server, Lotus Notes Client | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control.
|
|||||
| CVE-2001-0743 | 1 Oreilly | 1 Webboard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands.
|
|||||
| CVE-2006-4481 | 1 Php | 1 Php | 2025-04-03 | 7.2 HIGH | N/A |
|
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.
|
|||||
| CVE-2004-0757 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
|
|||||
| CVE-2004-2634 | 1 Ibm | 1 Aix | 2025-04-03 | 6.2 MEDIUM | N/A |
|
The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors.
|
|||||
| CVE-2005-2746 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.
|
|||||
| CVE-2005-0326 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script.
|
|||||
| CVE-2005-4084 | 1 Phpbb Styles | 1 Phpbb Extreme Styles | 2025-04-03 | 5.0 MEDIUM | N/A |
|
xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain the installation path of the application via an invalid viewbackup parameter.
|
|||||
| CVE-2005-4603 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread.
|
|||||
| CVE-2006-4073 | 1 Phpcc | 1 Phpcc | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php.
|
|||||
| CVE-2001-1410 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.
|
|||||
| CVE-2004-0576 | 1 Gnu | 1 Radius | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID.
|
|||||
| CVE-2002-2206 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 7.8 HIGH | N/A |
|
The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries.
|
|||||
| CVE-2005-4430 | 1 Logicnow | 1 Logicbill | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php.
|
|||||
| CVE-2006-0890 | 1 Speedproject | 3 Speedcommander, Squeez, Zipstar | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in SpeedProject Squeez 5.1, as used in (1) ZipStar 5.1 and (2) SpeedCommander 11.01.4450, allows remote attackers to overwrite arbitrary files via unspecified manipulations in a (1) JAR or (2) ZIP archive.
|
|||||
| CVE-2005-0663 | 1 Mercuryboard | 1 Mercuryboard | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter.
|
|||||
| CVE-2006-4939 | 1 Moodle | 1 Moodle | 2025-04-03 | 5.0 MEDIUM | N/A |
|
backup/backup_scheduled.php in Moodle before 1.6.2 generates trace data with the full backup pathname even when debugging is disabled, which might allow attackers to obtain the pathname.
|
|||||
| CVE-2003-1290 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
|
|||||
| CVE-1999-0916 | 1 Webtrends | 5 Webtrends Enterprise Suite, Webtrends For Firewalls, Webtrends Log Analyzer and 2 more | 2025-04-03 | 2.1 LOW | N/A |
|
WebTrends software stores account names and passwords in a file which does not have restricted access permissions.
|
|||||
| CVE-1999-0182 | 1 Samba | 1 Samba | 2025-04-03 | 10.0 HIGH | N/A |
|
Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.
|
|||||
| CVE-2005-0008 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."
|
|||||
| CVE-2004-1808 | 1 Metamail Corporation | 1 Metamail | 2025-04-03 | 2.1 LOW | N/A |
|
Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2000-0276 | 1 Be | 1 Beos | 2025-04-03 | 2.1 LOW | N/A |
|
BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.
|
|||||
| CVE-1999-0353 | 1 Hp | 1 Hp-ux | 2025-04-03 | 9.3 HIGH | N/A |
|
rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.
|
|||||
| CVE-2005-2025 | 1 Cisco | 8 Vpn 3000 Concentrator, Vpn 3000 Concentrator Series Software, Vpn 3005 Concentrator Software and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.
|
|||||
| CVE-2005-3406 | 1 Butterfat | 1 Phpesp | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2004-0454 | 1 Rlpr | 1 Rlpr | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 allows local users to execute arbitrary code.
|
|||||
| CVE-2000-0617 | 1 Stanley T. Shebs | 1 Xconq | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long USER environmental variable.
|
|||||
| CVE-2002-0935 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
|
|||||
| CVE-2006-1212 | 1 Corenews | 1 Corenews | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a "page" parameter or variable.
|
|||||
| CVE-2003-0262 | 1 Leksbot | 1 Leksbot | 2025-04-03 | 7.2 HIGH | N/A |
|
leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have.
|
|||||
| CVE-2006-4570 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
|
Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.
|
|||||
| CVE-2005-4235 | 1 Whmcompletesolution | 1 Whmcompletesolution | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameters.
|
|||||
| CVE-2002-0442 | 1 Caldera | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges.
|
|||||
| CVE-2005-3019 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php.
|
|||||
| CVE-2005-1150 | 1 Sun | 1 Java System Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang).
|
|||||
| CVE-2005-1785 | 1 Zongg | 1 Zongg | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter.
|
|||||
| CVE-2001-1210 | 1 Cisco | 3 Ubr920, Ubr924, Ubr925 | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.
|
|||||
| CVE-2006-3953 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
|
|||||
| CVE-1999-0492 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses.
|
|||||