Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0088 | 1 Microsoft | 4 Office, Office Converter Pack, Powerpoint and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
|
|||||
| CVE-2005-4507 | 1 Nexus Concepts | 1 Dev Hound | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts Dev Hound 2.24 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple unspecified user input fields.
|
|||||
| CVE-2001-0573 | 1 Ibm | 1 Aix | 2025-04-03 | 4.6 MEDIUM | N/A |
|
lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory.
|
|||||
| CVE-2006-3408 | 1 Tor | 1 Tor | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors.
|
|||||
| CVE-2006-3841 | 1 Owasp | 1 Webscarab | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
|
|||||
| CVE-2005-4657 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2003-1099 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A |
|
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.
|
|||||
| CVE-2002-0503 | 1 Citrix | 1 Nfuse | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter.
|
|||||
| CVE-2006-2154 | 1 Emc | 1 Retrospect | 2025-04-03 | 7.2 HIGH | N/A |
|
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog.
|
|||||
| CVE-2006-4435 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 4.9 MEDIUM | N/A |
|
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default.
|
|||||
| CVE-2001-0111 | 2 Debian, Sam Lantinga | 2 Debian Linux, Splitvt | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.
|
|||||
| CVE-2005-4402 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary code via a long IMAP EXAMINE command.
|
|||||
| CVE-2000-0212 | 1 Pragma Systems | 1 Interaccess Telnetd Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
InterAccess TelnetD Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information.
|
|||||
| CVE-2006-0652 | 1 Whmcompletesolution | 1 Whmcompletesolution | 2025-04-03 | 6.5 MEDIUM | N/A |
|
WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions to "resellers", which allows remote authenticated users to perform privileged actions or obtain sensitive information. NOTE: this report is based on a vendor bug report that identified "incorrect permissions." However, the vendor did not label it a security issue, and there was no statement regarding whether or not the permissions were actually more permissive than intended. If in fact the permissions were more restrictive t ...
|
|||||
| CVE-2006-4348 | 1 Kochsuite Component | 1 Kochsuite Component | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
|
|||||
| CVE-2005-0636 | 1 Foxmail | 1 Foxmail Email Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command.
|
|||||
| CVE-2001-1276 | 1 Itcorp | 1 Ispell | 2025-04-03 | 1.2 LOW | N/A |
|
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.
|
|||||
| CVE-2001-0569 | 1 Zope | 1 Zope | 2025-04-03 | 2.1 LOW | N/A |
|
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
|
|||||
| CVE-2001-0818 | 1 Marty Bochane | 1 Mdbms | 2025-04-03 | 7.5 HIGH | N/A |
|
A buffer overflow in the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data.
|
|||||
| CVE-2004-2488 | 1 Nexgen | 1 Nexgen Ftp Server | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands.
|
|||||
| CVE-1999-1010 | 1 Openbsd | 1 Openssh | 2025-04-03 | 2.1 LOW | N/A |
|
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
|
|||||
| CVE-2005-3077 | 1 Microsoft | 1 Ie For Macintosh | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI.
|
|||||
| CVE-2003-0289 | 1 Cdrtools | 1 Cdrecord | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.
|
|||||
| CVE-2006-1040 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.
|
|||||
| CVE-2003-0392 | 1 St | 1 Ftp Service | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DOS drive letter argument (e.g. E:).
|
|||||
| CVE-2006-2853 | 1 Abarcar | 1 Abarcar Realty Portal | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in content.php in abarcar Realty Portal 5.1.5 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2006-4276 | 1 Tutti Nova | 1 Tutti Nova | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php.
|
|||||
| CVE-2006-2134 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
|
|||||
| CVE-2003-0016 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
|
|||||
| CVE-2006-1085 | 1 Php-stats | 1 Php-stats | 2025-04-03 | 10.0 HIGH | N/A |
|
admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of the specified password.
|
|||||
| CVE-2006-4562 | 1 Symantec | 1 Gateway Security | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface.
|
|||||
| CVE-2001-0972 | 1 Surf-net | 1 Asp Forum | 2025-04-03 | 10.0 HIGH | N/A |
|
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
|
|||||
| CVE-2000-0171 | 1 At Computing | 1 Atsar Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.
|
|||||
| CVE-2002-0105 | 1 Caldera | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
|
CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable.
|
|||||
| CVE-2002-1185 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
|
|||||
| CVE-2003-0219 | 1 Kerio | 1 Personal Firewall 2 | 2025-04-03 | 7.5 HIGH | N/A |
|
Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server.
|
|||||
| CVE-2005-1840 | 1 Phpcms | 1 Phpcms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php.
|
|||||
| CVE-2000-0717 | 1 Goodtech | 2 Ftp Server 95 98, Ftp Server Nt 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands.
|
|||||
| CVE-2002-1628 | 1 Mike Spice | 1 Mikes Vote Cgi | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vote CGI before 1.3 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the type parameter.
|
|||||
| CVE-2003-0224 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
|
|||||