Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-0539 | 3 Ddskk, Redhat, Skk | 4 Ddskk, Daredevil Skk, Ddskk-xemacs and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A | skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files. |
| CVE-1999-0971 | 1 University Of Cambridge | 1 Exim | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file. |
| CVE-2001-0560 | 1 Paul Vixie | 1 Vixie Cron | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters). |
| CVE-1999-0830 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in SCO UnixWare Xsco command via a long argument. |
| CVE-2006-4585 | 1 Tr Forum | 1 Tr Forum | 2025-04-03 | 9.0 HIGH | N/A | SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges. |
| CVE-2005-1471 | 1 Rsa | 1 Securid Web Agent | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data. |
| CVE-2004-1746 | 1 Php Code Snippet Library | 1 Php Code Snippet Library | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters. |
| CVE-2001-1054 | 1 Phpadsnew | 1 Phpadsnew | 2025-04-03 | 7.5 HIGH | N/A | PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
| CVE-2005-3526 | 1 Ipswitch | 1 Ipswitch Collaboration Suite | 2025-04-03 | 6.5 MEDIUM | N/A | Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. |
| CVE-1999-0972 | 1 Wolfpack Development | 1 Xshipwars | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Xshipwars xsw program. |
| CVE-2000-0079 | 1 W3c | 1 Cern Httpd | 2025-04-03 | 7.5 HIGH | N/A | The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL. |
| CVE-1999-1472 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. |
| CVE-2000-0502 | 1 Mcafee | 1 Virusscan | 2025-04-03 | 2.1 LOW | N/A | Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion. |
| CVE-2006-3620 | 1 Dream4 | 1 Koobi Pro | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter. |
| CVE-2006-1567 | 1 Sitesearch | 1 Indexer | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter. |
| CVE-2001-0567 | 1 Zope | 1 Zope | 2025-04-03 | 4.6 MEDIUM | N/A | Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass. |
| CVE-2003-0802 | 1 Nokia | 1 Electronic Documentation | 2025-04-03 | 5.0 MEDIUM | N/A | Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot). |
| CVE-2004-1291 | 1 Amir Malik | 1 Qwik Smtpd | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer. |
| CVE-1999-0547 | | | 2025-04-03 | 10.0 HIGH | N/A | An SSH server allows authentication through the .rhosts file. |
| CVE-1999-1312 | 1 Dec | 2 Dec Openvms Axp, Dec Openvms Vax | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP 1.0, allows local users to gain system privileges. |
| CVE-2001-0759 | 1 Jetico | 1 Bestcrypt | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount. |
| CVE-2006-4116 | 1 Lhaz | 1 Lhaz | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message. |
| CVE-2005-0657 | 1 Computalynx | 1 Cproxy | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a .. (dot dot) in an HTTP request. |
| CVE-1999-0585 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 2.1 LOW | N/A | A Windows NT administrator account has the default name of Administrator. |
| CVE-2002-2211 | 1 Isc | 1 Bind | 2025-04-03 | 5.0 MEDIUM | N/A | BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. |
| CVE-2002-0136 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript. |
| CVE-2004-0619 | 1 Redhat | 3 Fedora Core, Kernel, Linux | 2025-04-03 | 7.2 HIGH | N/A | Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow. |
| CVE-2001-0904 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients. |
| CVE-2005-3559 | 1 Digium | 1 Asterisk | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter. |
| CVE-2006-4958 | 1 Sun | 1 Secure Global Desktop | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available. |
| CVE-2000-0386 | 1 Filemaker | 1 Filemaker | 2025-04-03 | 7.5 HIGH | N/A | FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email. |
| CVE-2000-0352 | 1 University Of Washington | 1 Pine | 2025-04-03 | 10.0 HIGH | N/A | Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL. |
| CVE-2005-3519 | 1 Mysource | 1 Mysource | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php. |
| CVE-2001-1118 | 1 Roxen | 1 Roxen Webserver | 2025-04-03 | 7.5 HIGH | N/A | A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL. |
| CVE-2006-3534 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 7.8 HIGH | N/A | Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". |
| CVE-2004-2107 | 1 Finjan Software | 1 Surfingate | 2025-04-03 | 7.5 HIGH | N/A | Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server. |
| CVE-2003-0775 | 1 Sane | 2 Sane, Sane-backend | 2025-04-03 | 5.0 MEDIUM | N/A | saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash). |
| CVE-2005-0985 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A | Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver. |
| CVE-2006-2756 | 1 Eitsop | 1 My Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than CVE-2002-1897. |
| CVE-1999-0338 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | AIX Licensed Program Product performance tools allow local users to gain root access. |