Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4716 | 1 Hitachi | 2 Tpi Net Library, Tpi Server Base | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid data to a port used by a system-server process, and (2) cause a denial of service (process failure) via invalid data to a port used by any of certain other processes.
|
|||||
| CVE-2004-0663 | 1 Powerportal | 1 Powerportal | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the (1) id parameter to the (a) private_messages module; (2) search parameter to the (b) links and (c) content modules; and (3) files parameter to the gallery module.
|
|||||
| CVE-2006-3576 | 1 Sensesites | 1 Commonsense Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2002-0934 | 1 Jon Hedley | 1 Alienform2 | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file.
|
|||||
| CVE-2006-0718 | 1 Avaya | 5 Csu 5000, Vsu 100, Vsu 10000 and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
|
|||||
| CVE-2006-4021 | 1 Scatterchat | 1 Scatterchat | 2025-04-03 | 2.6 LOW | N/A |
|
The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption.
|
|||||
| CVE-2005-0749 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
|
The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer.
|
|||||
| CVE-2001-1524 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.
|
|||||
| CVE-2005-3210 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple interpretation error in unspecified versions of Kaspersky Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
|
|||||
| CVE-1999-1023 | 1 Sun | 1 Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired.
|
|||||
| CVE-1999-1017 | 1 Seattle Lab Software | 1 Emurl | 2025-04-03 | 7.5 HIGH | N/A |
|
Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message.
|
|||||
| CVE-2004-0844 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
|
|||||
| CVE-2001-1197 | 1 Kde | 1 Kdeutils | 2025-04-03 | 4.6 MEDIUM | N/A |
|
klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file.
|
|||||
| CVE-2000-1028 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument.
|
|||||
| CVE-2005-1503 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php.
|
|||||
| CVE-2006-2484 | 1 Icewarp | 1 Web Mail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.
|
|||||
| CVE-2005-2861 | 1 N-stalker | 1 N-stealth | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.
|
|||||
| CVE-2002-0560 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
|
|||||
| CVE-2002-0539 | 1 Demarc Security | 1 Puresecure | 2025-04-03 | 10.0 HIGH | N/A |
|
Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie.
|
|||||
| CVE-2001-1360 | 1 Mostang | 1 Sane | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned.
|
|||||
| CVE-2004-2004 | 1 Suse | 1 Suse Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH.
|
|||||
| CVE-2006-2213 | 1 Hostapd | 1 Hostapd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Hostapd 0.3.7-2 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame.
|
|||||
| CVE-2005-2999 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain sensitive PHP configuration information via a direct request to test.php.
|
|||||
| CVE-2005-2846 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
|
|||||
| CVE-2001-0785 | 1 Internet Software Solutions | 1 Air Messenger Lan Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2006-3814 | 1 Cheese Tracker | 1 Cheese Tracker | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data.
|
|||||
| CVE-2002-2084 | 1 Portix-php | 1 Portix-php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters.
|
|||||
| CVE-1999-1460 | 1 Bmc | 1 Patrol Agent | 2025-04-03 | 7.2 HIGH | N/A |
|
BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program.
|
|||||
| CVE-2005-2415 | 1 Astalavista It Engineering | 1 Contrexx | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) value parameter to the poll module or (2) pId parameter to the gallery module.
|
|||||
| CVE-1999-0030 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
root privileges via buffer overflow in xlock command on SGI IRIX systems.
|
|||||
| CVE-2001-1041 | 1 Oracle | 1 Database Server | 2025-04-03 | 2.1 LOW | N/A |
|
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.
|
|||||
| CVE-2002-0787 | 1 Critical Path | 1 Injoin Directory Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters.
|
|||||
| CVE-2005-0884 | 1 Digitalhive | 1 Digitalhive | 2025-04-03 | 7.5 HIGH | N/A |
|
DigitalHive 2.0 allows remote attackers to re-install the product by directly accessing the install script.
|
|||||
| CVE-2000-0102 | 1 Salescart | 1 Salescart | 2025-04-03 | 7.5 HIGH | N/A |
|
The SalesCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
|
|||||
| CVE-2006-0853 | 1 Truenorth Software | 1 Ia Emailserver | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA) eMailserver 5.3.4 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long SEARCH argument.
|
|||||
| CVE-2003-0887 | 1 Angus Mackay | 1 Ez-ipupdate | 2025-04-03 | 2.1 LOW | N/A |
|
ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file.
|
|||||
| CVE-1999-0329 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
SGI mediad program allows local users to gain root access.
|
|||||
| CVE-2005-4293 | 1 Kryptronic | 1 Clickcartpro | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter.
|
|||||
| CVE-2005-1026 | 2 Dlman Pro, Linkz Pro | 2 Dlman Pro, Linkz Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to dlman.php in DLMan Pro or (2) id parameter to links.php in Linkz Pro (aka LinksLinks Pro).
|
|||||
| CVE-2005-3725 | 1 Zyxel | 1 Prestige 2000w V.1voip Wi-fi Phone | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.
|
|||||