Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-0176 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors. |
| CVE-2003-1066 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets. |
| CVE-2005-1524 | 1 The Cacti Group | 1 Cacti | 2025-04-03 | 5.0 MEDIUM | N/A | PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter. |
| CVE-2005-3504 | 1 Ibm | 1 Aix | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code. |
| CVE-1999-0369 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access. |
| CVE-2000-0169 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A | Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'. |
| CVE-2002-0484 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A | move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. |
| CVE-2004-2636 | 1 Rit Research Labs | 1 Tinyweb | 2025-04-03 | 5.0 MEDIUM | N/A | TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL. |
| CVE-2003-1216 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. |
| CVE-2003-1022 | 1 Debian | 1 Fsp | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory. |
| CVE-2004-2422 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component. |
| CVE-2004-1916 | 1 Lcdproc | 1 Lcdproc | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allow remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv command to test_func_func function. |
| CVE-2005-2508 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A | dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts. |
| CVE-2002-0034 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 4.6 MEDIUM | N/A | The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected. |
| CVE-2003-0121 | 1 Clearswift | 1 Mailsweeper | 2025-04-03 | 7.5 HIGH | N/A | Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients. |
| CVE-2005-3557 | 1 Tincan | 1 Phplist | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request. |
| CVE-2006-4473 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.1 MEDIUM | N/A | Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. |
| CVE-2004-2679 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 7.8 HIGH | N/A | Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes Firewall-1 to return a response containing version and other information. |
| CVE-2006-4873 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-03 | 5.0 MEDIUM | N/A | Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules ... |
| CVE-2005-2531 | 1 Openvpn | 1 Openvpn | 2025-04-03 | 5.0 MEDIUM | N/A | OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts. |
| CVE-2006-3215 | 1 Clearswift | 2 Mailsweeper For Exchange, Mailsweeper For Smtp | 2025-04-03 | 7.5 HIGH | N/A | Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allow remote attackers to bypass the "text analysis", possibly bypassing SPAM and other filters, by sending an e-mail specifying a non-existent or unrecognized character set. |
| CVE-2004-1099 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2025-04-03 | 10.0 HIGH | N/A | Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, do not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. |
| CVE-1999-1360 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 2.1 LOW | N/A | Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle. |
| CVE-2003-1072 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A | Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption). |
| CVE-2005-4558 | 3 Deerfield, Icewarp, Merak | 3 Visnetic Mail Server, Web Mail, Mail Server | 2025-04-03 | 6.5 MEDIUM | N/A | IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html. |
| CVE-2004-1185 | 1 Gnu | 1 Enscript | 2025-04-03 | 7.5 HIGH | N/A | Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames. |
| CVE-2005-1560 | 1 Neteyes | 1 Nexusway | 2025-04-03 | 10.0 HIGH | N/A | The SSH module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via shell metacharacters in arguments to certain commands, as demonstrated using ping and traceroute. |
| CVE-2001-0101 | 1 Fetchmail | 1 Fetchmail | 2025-04-03 | 10.0 HIGH | N/A | Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command. |
| CVE-1999-0382 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.2 HIGH | N/A | The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges. |
| CVE-2005-0775 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 7.5 HIGH | N/A | The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator. |
| CVE-2000-0422 | 1 Netwin | 1 Dmail | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter. |
| CVE-2001-0406 | 1 Samba | 1 Samba | 2025-04-03 | 2.1 LOW | N/A | Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient. |
| CVE-2000-1176 | 1 Yabb | 1 Yabb | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch" form field. |
| CVE-2000-0916 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.5 HIGH | N/A | FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections. |
| CVE-2006-4824 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter. |
| CVE-2006-2414 | 1 Timo Sirainen | 1 Dovecot | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command. |
| CVE-2005-2570 | 1 Funkboard | 1 Funkboard | 2025-04-03 | 5.0 MEDIUM | N/A | FunkBoard 0.66CF, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to forums.php, which reveals the path in an error message. |
| CVE-2000-0893 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A | The presence of the Distributed GL Daemon (dgld) service on port 5232 on SGI IRIX systems allows remote attackers to identify the target host as an SGI system. |
| CVE-2004-0477 | 1 3com | 1 3cp4144 | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass. |
| CVE-2005-1595 | 1 Codethat | 1 Shoppingcart | 2025-04-03 | 5.0 MEDIUM | N/A | CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request. |