Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1858 | 1 Oracle | 1 Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
|
|||||
| CVE-2003-0849 | 1 Gnu | 1 Cfengine | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.
|
|||||
| CVE-2003-0699 | 1 Redhat | 2 Enterprise Linux, Linux Advanced Workstation | 2025-04-03 | 7.5 HIGH | N/A |
|
The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.
|
|||||
| CVE-2005-0619 | 1 Bfriendly.com | 1 Einstein | 2025-04-03 | 2.1 LOW | N/A |
|
Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges.
|
|||||
| CVE-2000-0025 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
|
|||||
| CVE-2004-2519 | 1 Geeos Team | 1 Gattaca Server 2003 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".",, (d) dot dot "..", and (e) internal slash "lang//en".
|
|||||
| CVE-2005-2684 | 1 Virtech | 1 Netquery | 2025-04-03 | 7.5 HIGH | N/A |
|
nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query.
|
|||||
| CVE-2005-1801 | 1 Nokia | 1 9500 | 2025-04-03 | 2.6 LOW | N/A |
|
The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it.
|
|||||
| CVE-2004-0283 | 1 Mailmgr | 1 Mailmgr | 2025-04-03 | 2.1 LOW | N/A |
|
Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or (3) /tmp/mailmgr.sort.
|
|||||
| CVE-2005-0147 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 7.5 HIGH | N/A |
|
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
|
|||||
| CVE-2006-4109 | 1 Drupal | 1 Bibliography Module | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-1999-0425 | 1 Netscape | 1 Communicator | 2025-04-03 | 6.4 MEDIUM | N/A |
|
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
|
|||||
| CVE-2006-2123 | 1 Network Administration Visualized | 1 Network Administration Visualized | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the report interface in Network Administration Visualized (NAV) before 3.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2005-1359 | 1 Text.cgi | 1 Text.cgi | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in text.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
|
|||||
| CVE-1999-0526 | 1 X.org | 1 X11 | 2025-04-03 | 10.0 HIGH | N/A |
|
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
|
|||||
| CVE-2001-0583 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001.
|
|||||
| CVE-2006-3216 | 1 Clearswift | 2 Mailsweeper For Exchange, Mailsweeper For Smtp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes "unpredictable behavior" that prevents the Security service from processing more messages.
|
|||||
| CVE-2004-1447 | 1 Jetbox | 1 Jetbox One Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information.
|
|||||
| CVE-2000-0666 | 5 Conectiva, Debian, Redhat and 2 more | 5 Linux, Debian Linux, Linux and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
|
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
|
|||||
| CVE-1999-0410 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.
|
|||||
| CVE-2004-0534 | 1 Businessobjects | 2 Infoview, Webintelligence | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
|
|||||
| CVE-2003-0817 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
|
|||||
| CVE-2006-0396 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment.
|
|||||
| CVE-2005-4460 | 1 Beehive Forum | 1 Beehive Forum | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Description, and (3) Comment fields to (a) links.php and (b) links_add.php.
|
|||||
| CVE-2006-0764 | 1 Cisco | 3 Anomaly Guard Module, Guard, Traffic Anomaly Detector Module | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.
|
|||||
| CVE-2006-2162 | 1 Nagios | 1 Nagios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.
|
|||||
| CVE-2001-0252 | 1 Iplanet | 1 Iplanet Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attackers to cause a denial of service via a long HTTP GET request that contains many "/../" (dot dot) sequences.
|
|||||
| CVE-2005-4688 | 1 Punbb | 1 Punbb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.
|
|||||
| CVE-2002-0284 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 2.6 LOW | N/A |
|
Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.
|
|||||
| CVE-2005-1627 | 1 Viewglob | 1 Viewglob | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in Viewglob before 2.0.1, related to "a potential security issue with the Viewglob display and ssh X forwarding," has unknown impact.
|
|||||
| CVE-2003-0177 | 1 Sgi | 1 Irix | 2025-04-03 | 4.6 MEDIUM | N/A |
|
SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow "-" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently.
|
|||||
| CVE-2000-0564 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter.
|
|||||
| CVE-2006-2680 | 1 Php4script | 1 Az Photo Album Script Pro | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter.
|
|||||
| CVE-2001-0749 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Embedded-webserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root.
|
|||||
| CVE-2000-0087 | 1 Netscape | 2 Communicator, Navigator | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
|
|||||
| CVE-2005-2250 | 1 Nokia | 1 Affix | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share.
|
|||||
| CVE-2006-4652 | 2 Amazing Little Picture Poll, Amazing Little Poll | 2 Amazing Little Picture Poll, Amazing Little Poll | 2025-04-03 | 7.5 HIGH | N/A |
|
(1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of "dsapoll", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php.
|
|||||
| CVE-2002-0663 | 1 Symantec | 2 Norton Internet Security, Norton Personal Firewall | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.
|
|||||
| CVE-1999-0813 | 1 Infodrom | 1 Cfingerd | 2025-04-03 | 7.2 HIGH | N/A |
|
Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges.
|
|||||
| CVE-2001-0276 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 6.4 MEDIUM | N/A |
|
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path.
|
|||||