Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0133 | 1 Adobe | 1 Framemaker | 2025-04-03 | 2.1 LOW | N/A |
|
fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access.
|
|||||
| CVE-2003-0051 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.
|
|||||
| CVE-2002-0114 | 1 Emc | 1 Networker | 2025-04-03 | 4.6 MEDIUM | N/A |
|
EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.
|
|||||
| CVE-2001-0761 | 1 Trend Micro | 1 Interscan Webmanager | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter.
|
|||||
| CVE-2003-0115 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233.
|
|||||
| CVE-2006-1365 | 1 Motorola | 3 E398, Pebl U6, V600 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the target device, by initiating and interrupting an OBEX Push Profile that pretends to send a vCard, aka a "HeloMoto" attack.
|
|||||
| CVE-1999-0359 | 1 Marc Schaefer | 1 Ptylogin | 2025-04-03 | 7.5 HIGH | N/A |
|
ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords.
|
|||||
| CVE-2004-2489 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename.
|
|||||
| CVE-2001-1018 | 1 Lotus | 1 Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.
|
|||||
| CVE-2001-0921 | 1 Netscape | 1 Communicator | 2025-04-03 | 2.1 LOW | N/A |
|
Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.
|
|||||
| CVE-2002-1036 | 1 Zoltan Milosevic | 1 Fluid Dynamics Search Engine | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine (FDSE) before 2.0.0.0055 allows remote attackers to execute web script via the (1) Rank or (2) Match parameters.
|
|||||
| CVE-2001-0485 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges attacker to execute arbitrary commands via the -n option.
|
|||||
| CVE-2003-0019 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode.
|
|||||
| CVE-2006-4029 | 1 Ageet | 1 Agephone | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet.
|
|||||
| CVE-2006-4536 | 1 Cms Frogss | 1 Cms Frogss | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter.
|
|||||
| CVE-2006-0304 | 1 Achal Dhir | 1 Dual Dhcp Dns Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the DHCP options field.
|
|||||
| CVE-2002-2414 | 2 Opera Software, Squid | 2 Opera, Squid | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
|
|||||
| CVE-2001-0986 | 1 Microsoft | 1 Index Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
|
|||||
| CVE-2003-0327 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers to cause a denial of service (hang) via a remote password array with an invalid length, which triggers a heap-based buffer overflow.
|
|||||
| CVE-1999-0368 | 7 Caldera, Debian, Proftpd Project and 4 more | 8 Openlinux, Debian Linux, Proftpd and 5 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
|
|||||
| CVE-2004-1655 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.
|
|||||
| CVE-2002-0283 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data.
|
|||||
| CVE-2002-0154 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
|
|||||
| CVE-2005-1226 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | 7.5 HIGH | N/A |
|
Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2006-4132 | 1 Arcsoft | 1 Mms Composer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to UDP port UDP 2948.
|
|||||
| CVE-1999-0448 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
|
|||||
| CVE-2003-1107 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.
|
|||||
| CVE-2003-0649 | 1 Xpcd | 1 Xpcd | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
|
|||||
| CVE-2005-1320 | 1 Horde | 1 Mnemo | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
|
|||||
| CVE-2004-2664 | 1 John Lim | 1 Adodb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.
|
|||||
| CVE-2004-0527 | 1 Kde | 1 Konqueror | 2025-04-03 | 5.0 MEDIUM | N/A |
|
KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
|
|||||
| CVE-2004-0502 | 1 Microsoft | 1 Outlook | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.
|
|||||
| CVE-2006-4642 | 1 Auditwizard | 1 Auditwizard | 2025-04-03 | 1.7 LOW | N/A |
|
AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.
|
|||||
| CVE-2005-2728 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
|
|||||
| CVE-1999-0405 | 4 Debian, Freebsd, Redhat and 1 more | 4 Debian Linux, Freebsd, Linux and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
A buffer overflow in lsof allows local users to obtain root privilege.
|
|||||
| CVE-2005-3743 | 1 Simplepoll | 1 Simplepoll | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in results.php in SimplePoll allows remote attackers to execute arbitrary SQL commands via the pollid parameter.
|
|||||
| CVE-2000-0231 | 2 Halloween, Suse | 2 Halloween Linux, Suse Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.
|
|||||
| CVE-2004-2145 | 1 Pd9 Software | 1 Megabbs | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows remote attackers to execute arbitrary SQL commands via the (1) sortdir or (2) criteria parameter to ladder-log.asp or the (3) memberid or (4) teamid parameter to view-profile.asp.
|
|||||
| CVE-2005-0349 | 1 Broadcom | 1 Brightstor Arcserve Backup | 2025-04-03 | 7.5 HIGH | N/A |
|
The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands.
|
|||||
| CVE-2004-0530 | 1 Slackware | 1 Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a static library, includes /tmp in the search path, which allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path.
|
|||||