Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-2394 | 1 Turnkey Web Tools | 1 Php Live Helper | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. |
| CVE-2004-2029 | 1 Trevor Hogan | 1 Bnbt | 2025-04-03 | 5.0 MEDIUM | N/A | The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows remote attackers to cause a denial of service (crash) via a Basic Authorization HTTP request with a "A==" value. |
| CVE-2005-2213 | 1 Mms Ripper | 1 Mms Ripper | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the mms_interp_header function in mms.c in MMS Ripper before 0.6.4 might allow remote attackers to execute arbitrary code via a file with more than 20 streams. |
| CVE-2006-3052 | 1 Cescripts | 4 Event Registration 2checkout, Event Registration Corporate, Event Registration Paypal and 1 more | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Event Registration allows remote attackers to inject arbitrary web script or HTML via the (1) event_id parameter to view-event-details.php or (2) select_events parameter to event-registration.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2000-0047 | 1 Yahoo | 1 Pager | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Yahoo Pager/Messenger client allows remote attackers to cause a denial of service via a long URL within a message. |
| CVE-2005-3745 | 1 Apache | 1 Struts | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message. |
| CVE-2002-1039 | 1 Michael Dean | 1 Double Choco Latte | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature. |
| CVE-2005-1207 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters. |
| CVE-1999-1275 | 1 Ibm | 1 Lotus Cc Mail | 2025-04-03 | 4.6 MEDIUM | N/A | Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges. |
| CVE-2003-0690 | 1 Kde | 1 Kde | 2025-04-03 | 10.0 HIGH | N/A | KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. |
| CVE-2002-0205 | 1 Plumtree | 1 Plumtree Corporate Portal | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter. |
| CVE-2002-0877 | 1 Evolvable Corporation | 1 Shambala Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the FTP server for Shambala 4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) LIST (ls) or (2) GET commands. |
| CVE-2003-0619 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A | Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. |
| CVE-2002-2274 | 1 Akfingerd | 1 Akfingerd | 2025-04-03 | 2.1 LOW | N/A | akfingerd 0.5 allows local users to read arbitrary files as the akfingerd user (nobody) via a symlink attack on the .plan file. |
| CVE-2002-1618 | 1 Hp | 2 Hp-ux, Jfs | 2025-04-03 | 7.2 HIGH | N/A | JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems. |
| CVE-2005-3282 | 1 Splatt | 1 Splatt Forum | 2025-04-03 | 7.5 HIGH | N/A | Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authentication via unknown vectors. |
| CVE-2004-2249 | 1 Goosequill | 1 Audienceconnect Secureeditor | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. |
| CVE-1999-0021 | 1 Muhammad A. Muquit | 1 Wwwcount | 2025-04-03 | 7.5 HIGH | N/A | Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. |
| CVE-2004-1516 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_username parameter in the user module. |
| CVE-2004-2399 | 1 Securecomputing | 1 Sidewinder G2 | 2025-04-03 | 5.0 MEDIUM | N/A | Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries. |
| CVE-2006-0847 | 1 Cherrypy | 1 Cherrypy | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors. |
| CVE-2006-4035 | 1 Counterchaos | 1 Counterchaos | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. |
| CVE-2004-1298 | 1 Michael Kohn | 1 Vb2c | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows remote attackers to execute arbitrary code via a crafted FRM file. |
| CVE-2002-2006 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A | The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets. |
| CVE-2003-0189 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used. |
| CVE-2004-0114 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-03 | 4.6 MEDIUM | N/A | The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges. |
| CVE-1999-0082 | 2 Ftp, Ftpcd | 2 Ftp, Ftpcd | 2025-04-03 | 10.0 HIGH | N/A | CWD ~root command in ftpd allows root access. |
| CVE-2003-0261 | 1 Fuzz | 1 Fuzz | 2025-04-03 | 4.6 MEDIUM | N/A | fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges. |
| CVE-2006-4893 | 1 Phpbb Xs | 1 Phpbb Xs | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780. |
| CVE-2005-4327 | 1 Webcal | 1 Webcal | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt WebCal 1.11-3.04 allow remote attackers to inject arbitrary web script or HTML via the (1) function, (2) year, and (3) date parameters to webcal.cgi, (4) new calendar entries, and (5) notes for entries. |
| CVE-2006-1963 | 1 Pcpin | 1 Pcpin Chat | 2025-04-03 | 5.5 MEDIUM | N/A | Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code. |
| CVE-2004-2589 | 1 Rob Flynn | 1 Gaim | 2025-04-03 | 5.0 MEDIUM | N/A | Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory. |
| CVE-2004-1079 | 1 Ncpfs | 1 Ncpfs | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs 2.2.4, and possibly other versions, may allow local users to gain privileges via a long -T option. |
| CVE-2005-0894 | 1 Openmosixview | 1 Openmosixview | 2025-04-03 | 3.6 LOW | N/A | OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp. |
| CVE-2002-0916 | 1 Stellar-x Software | 1 Msntauth | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call. |
| CVE-2002-1794 | 1 Hp | 2 Hp-ux, Ldap-ux Integration | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in pam_authz in the LDAP-UX Integration product on HP-UX 11.00 and 11.11 allows remote attackers to execute r-commands with privileges of other users. |
| CVE-2000-1149 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability. |
| CVE-2005-3092 | 1 Image-line Software | 1 Fl Studio | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allows remote attackers to execute arbitrary code via a .flp file that contains a long path to a (1) .mid or (2) .wav file. |
| CVE-2002-1896 | 1 Alsaplayer | 1 Alsaplayer | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument. |
| CVE-1999-0955 | 1 Washington University | 1 Wu-ftpd | 2025-04-03 | 7.6 HIGH | N/A | Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command. |