Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2000-0263 | 1 Redhat | 1 Linux | 2025-04-03 | 2.1 LOW | N/A | The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request. |
| CVE-2005-2626 | 1 Kismet | 1 Kismet | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown impact via unprintable characters in the SSID. |
| CVE-2006-1753 | 1 Debian | 1 Debian Linux | 2025-04-03 | 3.6 LOW | N/A | A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
| CVE-2005-2337 | 1 Yukihiro Matsumoto | 1 Ruby | 2025-04-03 | 7.5 HIGH | N/A | Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). |
| CVE-2005-0675 | 1 Phpoutsourcing | 1 Zorum | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters. |
| CVE-2002-0620 | 1 Microsoft | 1 Commerce Server | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API. |
| CVE-2006-2553 | 1 Jemscripts | 1 Downloadcontrol | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue appears to be independent from a different issue that involves the same vector. |
| CVE-2005-3453 | 1 Oracle | 1 Application Server | 2025-04-03 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 has unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14. |
| CVE-2001-1129 | 1 Progress | 1 Progress | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. |
| CVE-2002-0834 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. |
| CVE-2005-1736 | 1 Electricmonk | 1 Proms | 2025-04-03 | 7.5 HIGH | N/A | PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended. |
| CVE-2006-3123 | 1 Matt Blaze | 1 Cryptographic File System | 2025-04-03 | 2.1 LOW | N/A | Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb. |
| CVE-2001-1577 | 1 Caldera | 2 Openunix, Unixware | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 allows an xterm session to gain privileges when the session is reused. |
| CVE-2006-3679 | 1 Fatwire | 1 Fatwire Content Server | 2025-04-03 | 7.5 HIGH | N/A | FatWire Content Server 5.5.0 allows remote attackers to bypass access restrictions and obtain administrative privileges via unspecified attack vectors in the authentication process. |
| CVE-2003-0924 | 1 Netpbm | 1 Netpbm | 2025-04-03 | 3.7 LOW | N/A | netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. |
| CVE-2002-0906 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server. |
| CVE-2005-3555 | 1 Tincan | 1 Phplist | 2025-04-03 | 6.5 MEDIUM | N/A | Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page. |
| CVE-2006-0090 | 1 Idv Directory Viewer | 1 Idv Directory Viewer | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote attackers to view arbitrary directory contents via a .. (dot dot) in the dir parameter. |
| CVE-2002-1069 | 1 D-link | 1 Di-804 | 2025-04-03 | 5.0 MEDIUM | N/A | The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information. |
| CVE-2002-1891 | 1 Ayman Akt | 1 Ircit | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request. |
| CVE-2006-1831 | 1 Coder-world | 1 Sysinfo | 2025-04-03 | 7.5 HIGH | N/A | Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php. |
| CVE-2006-2864 | 1 Blueshoes | 1 Blueshoes Framework | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) APP[path][applications] parameter to (a) Bs_Faq.class.php, (2) APP[path][core] parameter to (b) fileBrowserInner.php, (c) file.php, and (d) viewer.php, and (e) Bs_ImageArchive.class.php, (3) GLOBALS[APP][path][core] parameter to (f) Bs_Ml_User.class.php, or (4) APP[path][plugins] parameter to (g) Bs_Wse_Profile.class.php. |
| CVE-2003-0526 | 1 Microsoft | 1 Isa Server | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found." |
| CVE-2002-2143 | 1 Mysimplenews | 1 Mysimplenews | 2025-04-03 | 7.5 HIGH | N/A | The admin.html file in MySimple News 1.0 stores its administrative password in plaintext, which allows remote attackers to gain unauthorized access to the web server by viewing the source of admin.html. |
| CVE-2004-0104 | 3 Metamail Corporation, Redhat, Sgi | 4 Metamail, Enterprise Linux, Linux Advanced Workstation and 1 more | 2025-04-03 | 7.5 HIGH | N/A | Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. |
| CVE-2001-0868 | 1 Redhat | 1 Stronghold | 2025-04-03 | 5.0 MEDIUM | N/A | Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status. |
| CVE-2002-0212 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 7.5 HIGH | N/A | The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack. |
| CVE-2005-4687 | 2 F-art Agency, Punbb | 2 Blog Cms, Punbb | 2025-04-03 | 5.0 MEDIUM | N/A | PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header. |
| CVE-2002-2120 | 1 Qnx | 1 Rtos | 2025-04-03 | 4.6 MEDIUM | N/A | Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to execute arbitrary code via long filename arguments to (1) Watcom or (2) int10. |
| CVE-2002-0609 | 1 Hp | 1 Mpe Ix | 2025-04-03 | 5.0 MEDIUM | N/A | Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a denial of service (system failure with "SA1457 out of i_port_timeout.fix_up_message_frame") via malformed IP packets. |
| CVE-2005-0060 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application. |
| CVE-2004-1812 | 1 Broadcom | 1 Unicenter Tng | 2025-04-03 | 10.0 HIGH | N/A | Multiple stack-based buffer overflows in Agent Common Services (1) cam.exe and (2) awservices.exe in Unicenter TNG 2.4 allow remote attackers to execute arbitrary code. |
| CVE-2002-1480 | 1 Phpgb | 1 Phpgb | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry. |
| CVE-2005-1479 | 1 Jgs-xa | 1 Jgs-portal | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2002-1926 | 1 Aquonics Scripting | 1 Aquonics File Manager | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string. |
| CVE-1999-0784 | 1 Oracle | 1 Database Server | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. |
| CVE-2006-3319 | 1 Php Icalendar | 1 Php Icalendar | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter. |
| CVE-2006-4254 | 1 Ibm | 1 Aix | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors. |
| CVE-2004-2598 | 1 Id Software | 1 Quake Ii Server | 2025-04-03 | 5.0 MEDIUM | N/A | Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notified of changes in the client state. NOTE: the impact of this issue will vary depending on which mod is being used. |
| CVE-2006-0843 | 1 Leif M. Wright | 1 Web Blog | 2025-04-03 | 5.0 MEDIUM | N/A | Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password. |