Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1649 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future.
|
|||||
| CVE-2006-2700 | 1 Geeklog | 1 Geeklog | 2025-04-03 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter.
|
|||||
| CVE-2001-0678 | 1 Trend Micro | 2 Interscan Viruswall, Interscan Webmanager | 2025-04-03 | 4.6 MEDIUM | N/A |
|
A buffer overflow in reggo.dll file used by Trend Micro InterScan VirusWall prior to 3.51 build 1349 for Windows NT 3.5 and InterScan WebManager 1.2 allows a local attacker to execute arbitrary code.
|
|||||
| CVE-2001-0323 | 2025-04-03 | 6.4 MEDIUM | N/A | ||
|
The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which could cause one host to lower its MTU when transmitting to the other host.
|
|||||
| CVE-2005-2877 | 1 Twiki | 1 Twiki | 2025-04-03 | 7.5 HIGH | N/A |
|
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
|
|||||
| CVE-2004-0272 | 1 Maxwebportal | 1 Maxwebportal | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages.
|
|||||
| CVE-2004-1565 | 1 W-agora | 1 W-agora | 2025-04-03 | 5.0 MEDIUM | N/A |
|
list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.
|
|||||
| CVE-2006-1357 | 1 F5 | 1 Firepass 4100 | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
|
|||||
| CVE-2006-1048 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search.
|
|||||
| CVE-2005-2735 | 1 Phpgraphy | 1 Phpgraphy | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
|
|||||
| CVE-2002-0780 | 1 Novell | 1 Bordermanager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND.
|
|||||
| CVE-2003-0796 | 1 Sgi | 1 Irix | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 allows remote attackers to mount from unprivileged ports even with the -n option disabled.
|
|||||
| CVE-2006-2876 | 1 Deltascripts | 1 Php Pro Publish | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish 2.0 allows remote attackers to inject arbitrary web script or HTML via the catname parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-3151 | 1 Associated | 1 Associated Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
|
|||||
| CVE-2006-1818 | 1 The War Forge | 1 Warforge.news | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure.
|
|||||
| CVE-2006-1419 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php.
|
|||||
| CVE-2005-0261 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A |
|
lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.
|
|||||
| CVE-2005-4752 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role.
|
|||||
| CVE-2004-2051 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL.
|
|||||
| CVE-2001-1407 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
|
|||||
| CVE-2006-1684 | 1 Ecotwo | 1 Shopsystem | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via (1) the lang parameter in news.php and (2) other unspecified vectors.
|
|||||
| CVE-2006-0572 | 1 Hinton Design | 1 Phpstatus | 2025-04-03 | 7.5 HIGH | N/A |
|
phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication.
|
|||||
| CVE-2001-1470 | 1 Ssh | 1 Ssh | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message.
|
|||||
| CVE-2006-2891 | 1 Pixelpost | 1 Pixelpost | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter.
|
|||||
| CVE-2006-1220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.
|
|||||
| CVE-2003-0150 | 1 Oracle | 1 Mysql | 2025-04-03 | 9.0 HIGH | N/A |
|
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.
|
|||||
| CVE-2006-4614 | 1 Pocket Pc | 1 Pocket Pc | 2025-04-03 | 4.9 MEDIUM | N/A |
|
PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mobile registry, which allows local users to obtain sensitive information via keys under \HKEY_CURRENT_USER\Software\PDAapps\VeriChat.
|
|||||
| CVE-2006-4279 | 1 Xennobb | 1 Xennobb | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the icon_topic parameter.
|
|||||
| CVE-2000-1065 | 1 Hp | 1 Jetdirect | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in IP implementation of HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service (printer crash) via a malformed packet.
|
|||||
| CVE-2006-1592 | 2 X-doom, Zdaemon | 2 X-doom, Zdaemon | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument.
|
|||||
| CVE-2003-0994 | 1 Symantec | 4 Norton Antivirus, Norton Internet Security, Norton System Works and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.
|
|||||
| CVE-2006-4239 | 1 Outreach Project Tool | 1 Opt Max | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include/urights.php in Outreach Project Tool (OPT) Max 1.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_inc parameter.
|
|||||
| CVE-2004-2434 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.
|
|||||
| CVE-2005-2462 | 1 Kayako | 1 Liveresponse | 2025-04-03 | 2.1 LOW | N/A |
|
Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges.
|
|||||
| CVE-2006-1062 | 1 Lurker | 1 Lurker | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors.
|
|||||
| CVE-2002-1019 | 1 Adobe | 1 Adobe Content Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp.
|
|||||
| CVE-2006-3305 | 1 Uebimiau | 1 Uebimiau | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php.
|
|||||
| CVE-2000-0150 | 2 Checkpoint, Cisco | 2 Firewall-1, Pix Firewall Software | 2025-04-03 | 7.5 HIGH | N/A |
|
Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.
|
|||||
| CVE-2006-2831 | 1 Drupal | 1 Drupal | 2025-04-03 | 7.5 HIGH | N/A |
|
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
|
|||||
| CVE-2001-0438 | 1 Netopia | 1 Timbuktu Mac | 2025-04-03 | 2.1 LOW | N/A |
|
Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu.
|
|||||