Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-1606 | 1 Exponent | 1 Exponent Cms | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors. |
| CVE-2004-0922 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-03 | 5.0 MEDIUM | N/A | AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box. |
| CVE-2002-0601 | 1 Information Security Systems | 1 Realsecure Network Sensor | 2025-04-03 | 5.0 MEDIUM | N/A | ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer. |
| CVE-1999-0104 | 4 Caldera, Hp, Microsoft and 1 more | 5 Openlinux, Hp-ux, Windows 95 and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A | A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |
| CVE-2005-4771 | 1 Trust Digital | 1 Trusted Mobility Suite | 2025-04-03 | 4.6 MEDIUM | N/A | Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) device despite a policy setting that sync is unauthorized. |
| CVE-2005-2051 | 1 Symantec Veritas | 1 Backup Exec | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 rev. 5484 allows remote attackers to execute arbitrary code. |
| CVE-2005-4678 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A | Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-4731 | 2 Dws Systems Inc., Ledgersmb | 2 Sql-ledger, Ledgersmb | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash). |
| CVE-2006-0222 | 1 Alstrasoft | 1 Template Seller | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter. |
| CVE-2005-2816 | 1 Greymatter | 1 Greymatter Forum | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file. |
| CVE-2000-0571 | 1 West Street Software | 1 Localweb Http Server | 2025-04-03 | 6.4 MEDIUM | N/A | LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request. |
| CVE-2005-4826 | 1 Cisco | 1 Ios | 2025-04-03 | 6.1 MEDIUM | N/A | Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776. |
| CVE-2002-0673 | 1 Pingtel | 1 Xpressa | 2025-04-03 | 4.6 MEDIUM | N/A | The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions. |
| CVE-2006-0252 | 1 Benders Calendar | 1 Benders Calendar | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters. |
| CVE-2005-3789 | 1 Phpwcms | 1 Phpwcms | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php. |
| CVE-2006-2023 | 1 Ls3 | 1 Fenice | 2025-04-03 | 5.0 MEDIUM | N/A | Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access. |
| CVE-2005-2554 | 1 Network Associates | 1 Epolicy Orchestrator Agent | 2025-04-03 | 2.1 LOW | N/A | The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory. |
| CVE-2006-3554 | 1 Mkportal | 1 Mkportal | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter. |
| CVE-2006-4120 | 1 Drupal | 2 Drupal, Recipe Module | 2025-04-03 | 5.1 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2000-0206 | 1 Oracle | 1 Oracle8i | 2025-04-03 | 6.2 MEDIUM | N/A | The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges. |
| CVE-2004-1020 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A | The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further d ... |
| CVE-2004-2651 | 1 Michael Christen | 1 Yacy | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html. |
| CVE-2002-0939 | 1 Ncipher | 1 Mscapi Csp | 2025-04-03 | 4.6 MEDIUM | N/A | The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only). |
| CVE-2005-4747 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default page. |
| CVE-2002-0575 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges. |
| CVE-2002-0428 | 1 Checkpoint | 3 Check Point Vpn, Firewall-1, Next Generation | 2025-04-03 | 7.5 HIGH | N/A | Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file. |
| CVE-2001-0270 | 1 Marconi | 2 Asx-1000, Forethought | 2025-04-03 | 5.0 MEDIUM | N/A | Marconi ASX-1000 ASX switches allow remote attackers to cause a denial of service in the telnet and web management interfaces via a malformed packet with the SYN-FIN and More Fragments attributes set. |
| CVE-2002-2076 | 1 Summit Computer Networks | 1 Lil Http | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. |
| CVE-2006-2486 | 1 Yapbb | 1 Yapbb | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter. |
| CVE-2005-4551 | 1 Simpbook | 1 Simpbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php. |
| CVE-2006-2695 | 1 Dgnews | 1 Dgnews | 2025-04-03 | 5.1 MEDIUM | N/A | admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory. |
| CVE-2004-2529 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A | Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities. |
| CVE-2005-3773 | 1 Joomla | 1 Joomla | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions." |
| CVE-2006-1405 | 1 Sheer Vision Technologies | 1 Sscms | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.aspx in SweetSuite.NET Content Management System (ssCMS) 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. |
| CVE-2002-1351 | 1 Melange | 1 Melange Chat System | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Melange Chat System 1.10 allows remote attackers to cause a denial of service (chat server crash) and possibly execute arbitrary code via the msgText buffer in the chat_InterpretData function, as demonstrated via a long Nick (nickname) request. |
| CVE-2002-1216 | 1 Gnu | 1 Tar | 2025-04-03 | 5.0 MEDIUM | N/A | GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. |
| CVE-2004-1065 | 4 Openpkg, Php, Trustix and 1 more | 4 Openpkg, Php, Secure Linux and 1 more | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. |
| CVE-2005-2257 | 1 Phpslash | 1 Phpslash | 2025-04-03 | 10.0 HIGH | N/A | The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter. |
| CVE-2004-1496 | 1 Minihttpserver.net | 1 Web Forums Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot slash), (3) "/%2E%2E%5C" (encoded dot dot backslash), or (4) "%2E%2E%2F" (encoded dot dot slash). |
| CVE-2005-0793 | 1 Zpanel | 1 Zpanel | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter. |