Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0774 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 10.0 HIGH | N/A |
| Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed. | | | | | |
| CVE-2004-0698 | 1 4d | 1 Webstar | 2025-04-03 | 3.6 LOW | N/A |
| 4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack. | | | | | |
| CVE-2002-0950 | 1 Transware | 1 Active Mail | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and 2.0 allows remote attackers to execute arbitrary code via a certain e-mail header, which is not properly filtered. | | | | | |
| CVE-2002-1355 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages. | | | | | |
| CVE-2002-1235 | 3 Debian, Kth, Mit | 4 Debian Linux, Kth Kerberos 4, Kth Kerberos 5 and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| The kadm_ser_in function in (1) the Kerberos v4 compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack. | | | | | |
| CVE-2003-0101 | 3 Engardelinux, Usermin, Webmin | 3 Guardian Digital Webtool, Usermin, Webmin | 2025-04-03 | 10.0 HIGH | N/A |
| miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges. | | | | | |
| CVE-2005-0439 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names. | | | | | |
| CVE-2005-0074 | 1 Xpcd | 1 Xpcd | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to execute arbitrary code. | | | | | |
| CVE-2005-0988 | 7 Freebsd, Gentoo, Gnu and 4 more | 13 Freebsd, Linux, Gzip and 10 more | 2025-04-03 | 3.7 LOW | N/A |
| Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | | | | | |
| CVE-2002-1488 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 5.0 MEDIUM | N/A |
| The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in. | | | | | |
| CVE-2005-2375 | 1 Codemasters | 1 Toca Race Driver | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a (1) nickname or (2) chat message. | | | | | |
| CVE-2002-1804 | 1 Npds | 1 Npds | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | | | | | |
| CVE-2006-3619 | 1 Fastjar | 1 Fastjar | 2025-04-03 | 2.6 LOW | N/A |
| Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences. | | | | | |
| CVE-2005-0482 | 1 Trackercam | 1 Trackercam | 2025-04-03 | 5.0 MEDIUM | N/A |
| TrackerCam 5.12 and earlier allows remote attackers to cause a denial of service (crash) via (1) a large number of connections with a negative Content-Length header, possibly triggering an integer signedness error, or (2) a large amount of data. | | | | | |
| CVE-2002-0238 | 1 Netgear | 1 Rt314 | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script. | | | | | |
| CVE-1999-0595 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
| A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. | | | | | |
| CVE-2004-0726 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 HIGH | N/A |
| The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel. | | | | | |
| CVE-2001-0488 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A |
| pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service. | | | | | |
| CVE-2003-0966 | 1 Elm Development Group | 1 Elm | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line. | | | | | |
| CVE-2006-3261 | 1 Trend Micro | 1 Control Manager | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log. | | | | | |
| CVE-2005-2494 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
| kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files. | | | | | |
| CVE-2006-3124 | 1 Streamripper | 1 Streamripper | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers. | | | | | |
| CVE-2005-0096 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
| Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption). | | | | | |
| CVE-2000-0188 | 1 Alex Heiphetz Group | 1 Ezshopper | 2025-04-03 | 7.5 HIGH | N/A |
| EZShopper 3.0 search.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters. | | | | | |
| CVE-2005-2003 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message. | | | | | |
| CVE-2003-0988 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. | | | | | |
| CVE-2001-1267 | 1 Gnu | 1 Tar | 2025-04-03 | 2.1 LOW | N/A |
| Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). | | | | | |
| CVE-1999-0568 | 1 Sun | 1 Solaris | 2025-04-03 | 10.0 HIGH | N/A |
| rpc.admind in Solaris is not running in a secure mode. | | | | | |
| CVE-2002-2201 | 1 Webmin | 1 Webmin | 2025-04-03 | 10.0 HIGH | N/A |
| The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name. | | | | | |
| CVE-2002-0104 | 1 Aftpd | 1 Aftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| AFTPD 5.4.4 allows remote attackers to gain sensitive information via a CD (CWD) ~ (tilde) command, which causes a core dump. | | | | | |
| CVE-2004-1351 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code. | | | | | |
| CVE-2005-3201 | 1 Utopia Software | 1 Utopia News Pro | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary SQL via the newsid parameter. | | | | | |
| CVE-2004-0540 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 10.0 HIGH | N/A |
| Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain. | | | | | |
| CVE-2000-0960 | 1 Netscape | 1 Messaging Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse. | | | | | |
| CVE-2005-4705 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection. | | | | | |
| CVE-2006-4478 | 1 Visualshapers | 1 Ezcontents | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter. | | | | | |
| CVE-2001-0736 | 5 Engardelinux, Immunix, Mandrakesoft and 2 more | 6 Secure Linux, Immunix, Mandrake Linux and 3 more | 2025-04-03 | 2.1 LOW | N/A |
| Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users to overwrite arbitrary files via a symlink attack. | | | | | |
| CVE-2003-0807 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request. | | | | | |
| CVE-2005-1237 | 1 China-on-site | 1 Flexphpnews | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | | | | | |
| CVE-2004-0178 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes. | | | | | |