Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2148 | 1 Lucent | 3 Ascend Max Router, Ascend Pipeline Router, Dslterminator | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTerminator allows remote attackers to obtain sensitive information such as hostname, MAC, and IP address of the Ethernet interface via a discard (UDP port 9) packet, which causes the device to leak the information in the response.
|
|||||
| CVE-2002-0481 | 1 Microsoft | 1 Outlook | 2025-04-03 | 5.1 MEDIUM | N/A |
|
An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.
|
|||||
| CVE-2004-0919 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates.
|
|||||
| CVE-1999-1491 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.
|
|||||
| CVE-2004-1960 | 1 Protector System | 1 Protector System | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters.
|
|||||
| CVE-2002-0637 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 7.5 HIGH | N/A |
|
InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.
|
|||||
| CVE-2006-1322 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow.
|
|||||
| CVE-2005-2616 | 1 Ezupload | 1 Ezupload | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php.
|
|||||
| CVE-2004-1732 | 1 Mydms | 1 Mydms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter.
|
|||||
| CVE-2004-2264 | 1 Gnu | 1 Less | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed
|
|||||
| CVE-2004-2305 | 1 Broadcom | 1 Etrust Antivirus Ee | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file and skip the other files.
|
|||||
| CVE-2002-1878 | 1 W-agora | 1 W-agora | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter.
|
|||||
| CVE-2005-3418 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.
|
|||||
| CVE-2004-0099 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.
|
|||||
| CVE-2005-1013 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string.
|
|||||
| CVE-2005-2336 | 1 Hiki | 1 Hiki | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803.
|
|||||
| CVE-2004-2525 | 1 S9y | 1 Serendipity | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
|
|||||
| CVE-1999-0091 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in AIX writesrv command allows local users to obtain root access.
|
|||||
| CVE-2001-0462 | 1 Spencer Christensen | 1 Perl Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
|
|||||
| CVE-1999-0612 | 2 Gnu, Microsoft | 4 Finger Service, Fingerd, Windows 2000 and 1 more | 2025-04-03 | N/A | N/A |
|
A version of finger is running that exposes valid user information to any entity on the network.
|
|||||
| CVE-2001-0024 | 1 Leif M. Wright | 1 Simplestmail.cgi | 2025-04-03 | 10.0 HIGH | N/A |
|
simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter.
|
|||||
| CVE-2004-2057 | 1 Xlinesoft | 1 Asprunner | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements.
|
|||||
| CVE-2006-0651 | 1 Vwdev | 1 Vwdev | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page.
|
|||||
| CVE-2004-1234 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.
|
|||||
| CVE-2001-0052 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 2.1 LOW | N/A |
|
IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query.
|
|||||
| CVE-2004-1783 | 1 Net2soft | 1 Flash Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot).
|
|||||
| CVE-2004-2251 | 1 Astaro | 1 Security Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.
|
|||||
| CVE-2005-1404 | 1 Myphp Forum | 1 Myphp Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php.
|
|||||
| CVE-2000-0086 | 1 Netopia | 1 Timbuktu Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing.
|
|||||
| CVE-2001-1189 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.
|
|||||
| CVE-2004-0763 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
|
|||||
| CVE-2004-0525 | 1 Hp | 1 Integrated Lights-out Firmware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero.
|
|||||
| CVE-2006-1819 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".
|
|||||
| CVE-2006-1509 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.9 MEDIUM | N/A |
|
/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.
|
|||||
| CVE-2006-4156 | 1 Pearlabs | 1 Mafia Moblog | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in big.php in pearlabs mafia moblog 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtotemplate parameter. NOTE: a third party claims that the researcher is incorrect, because template.php defines pathtotemplate before big.php uses pathtotemplate. CVE has not verified either claim, but during August 2006, the original researcher made several significant errors regarding this bug type
|
|||||
| CVE-2004-2131 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.
|
|||||
| CVE-2005-3441 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Intelligent Agent in Oracle Database Server 9i up to 9.0.1.5 has unknown impact and attack vectors, aka Oracle Vuln# DB14.
|
|||||
| CVE-1999-0154 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
|
|||||
| CVE-2003-0163 | 1 Gaim-encryption | 1 Gaim-encryption | 2025-04-03 | 5.0 MEDIUM | N/A |
|
decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte.
|
|||||
| CVE-2004-1742 | 1 Web-app.org | 1 Webapp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.
|
|||||