Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1579 | 1 Sco | 2 Open Unix, Unixware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service.
|
|||||
| CVE-2005-1287 | 1 Bk Dev | 1 Bk Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.
|
|||||
| CVE-2004-1706 | 1 U.s.robotics | 1 Usr808054 | 2025-04-03 | 7.5 HIGH | N/A |
|
The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string.
|
|||||
| CVE-2001-0550 | 2 David Madore, Washington University | 2 Ftpd-bsd, Wu-ftpd | 2025-04-03 | 7.5 HIGH | N/A |
|
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
|
|||||
| CVE-2006-2896 | 1 Funkboard | 1 Funkboard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.
|
|||||
| CVE-1999-0610 | 1 Mountain Network Systems | 1 Webcart | 2025-04-03 | 5.0 MEDIUM | N/A |
|
An incorrect configuration of the Webcart CGI program could disclose private information.
|
|||||
| CVE-2005-2239 | 1 Oftpd | 1 Oftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null (\0) characters.
|
|||||
| CVE-2006-3366 | 1 V3 Chat | 1 V3 Chat | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messe ...
|
|||||
| CVE-2003-0956 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018.
|
|||||
| CVE-2004-0871 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
|
|||||
| CVE-2000-0324 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | 5.0 MEDIUM | N/A |
|
pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap.
|
|||||
| CVE-2005-0963 | 1 Toshiba | 1 Acpi Flash Bios | 2025-04-03 | 2.1 LOW | N/A |
|
An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine the first slot in the Master Boot Record (MBR) table for an active partition, which prevents the system from booting even though the MBR is not malformed. NOTE: it has been debated as to whether or not this issue poses a security vulnerability, since administrative privileges would be required, and other DoS attacks are possible with such privileges.
|
|||||
| CVE-2006-3345 | 1 Ajax Softwares | 1 Alipager | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line.
|
|||||
| CVE-2003-1044 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.
|
|||||
| CVE-2001-0630 | 1 Mimanet | 1 Source Viewer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable.
|
|||||
| CVE-2006-2271 | 1 Lksctp | 1 Lksctp | 2025-04-03 | 7.8 HIGH | N/A |
|
The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.
|
|||||
| CVE-2001-1362 | 1 Horsburgh | 1 Npulse | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in the server for nPULSE before 0.53p4.
|
|||||
| CVE-2001-0457 | 1 Debian | 1 Debian Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).
|
|||||
| CVE-2005-1380 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.
|
|||||
| CVE-2004-2043 | 2 Borland Software, Firebirdsql | 3 Interbase, Interbase Superserver, Firebird | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
|
|||||
| CVE-2002-1703 | 1 Mewsoft | 1 Netauction | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft NetAuction 3.0 allows remote attackers to execute arbitrary script as other users via the Term parameter.
|
|||||
| CVE-2004-0383 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email."
|
|||||
| CVE-2001-1296 | 1 Marc Logemann | 1 More.groupware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
|
|||||
| CVE-2004-1333 | 2 Linux, Redhat | 3 Linux Kernel, Fedora Core, Linux | 2025-04-03 | 2.1 LOW | N/A |
|
Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
|
|||||
| CVE-2004-1486 | 1 Hp | 2 Cluster Object Manager, Serviceguard | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and Cluster Object Manager A.01.03 and B.01.04 through B.03.00.01 on HP-UX, Serviceguard A.11.14.04 and A.11.15.04 and Cluster Object Manager B.02.01.02 and B.02.02.02 on HP Linux, allow remote attackers to gain privileges via unknown attack vectors.
|
|||||
| CVE-2001-1455 | 1 Netegrity | 1 Siteminder | 2025-04-03 | 7.5 HIGH | N/A |
|
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
|
|||||
| CVE-2004-2287 | 1 Dsm | 1 Light Web File Browser | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter.
|
|||||
| CVE-2004-0629 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string.
|
|||||
| CVE-2001-1530 | 1 Webmin | 1 Webmin | 2025-04-03 | 4.6 MEDIUM | N/A |
|
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands.
|
|||||
| CVE-2000-0409 | 1 Netscape | 1 Communicator | 2025-04-03 | 3.7 LOW | N/A |
|
Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.
|
|||||
| CVE-2003-1021 | 1 Sco | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A |
|
The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline.
|
|||||
| CVE-2005-4321 | 1 Apani Networks | 1 Epiforce Agent | 2025-04-03 | 7.8 HIGH | N/A |
|
The Internet Key Exchange version 1 (IKEv1) implementation in Apani Networks EpiForce 1.9 and earlier running IPSec, allow remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
|
|||||
| CVE-2001-0723 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."
|
|||||
| CVE-2002-0168 | 1 Enlightenment | 1 Imlib | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.
|
|||||
| CVE-2000-0698 | 1 Minicom | 1 Minicom | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack.
|
|||||
| CVE-2002-2177 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.6 LOW | N/A |
|
BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users.
|
|||||
| CVE-2001-1033 | 1 Compaq | 2 Tru64, Trucluster | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state.
|
|||||
| CVE-2002-0711 | 1 Hp | 1 Trucluster Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service.
|
|||||
| CVE-2006-2505 | 1 Oracle | 1 Database Server | 2025-04-03 | 3.6 LOW | N/A |
|
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.
|
|||||
| CVE-2004-1771 | 1 Open Group | 1 Scalable Ogo | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass intended permissions and view private appointments of other users.
|
|||||