Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0603 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 2.1 LOW | N/A |
|
Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.
|
|||||
| CVE-2005-0785 | 1 Yabb | 1 Yabb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
|
|||||
| CVE-2005-0909 | 1 Tkais Shoutbox | 1 Tkais Shoutbox | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter.
|
|||||
| CVE-2006-4786 | 1 Moodle | 1 Moodle | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.
|
|||||
| CVE-2004-2081 | 1 Karjasoft | 1 Sami Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file.
|
|||||
| CVE-1999-0185 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.
|
|||||
| CVE-2002-0710 | 1 Rod Clark | 1 Sendform.cgi | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.
|
|||||
| CVE-2002-0241 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | 7.5 HIGH | N/A |
|
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.
|
|||||
| CVE-2005-4830 | 1 Viewcvs | 1 Viewcvs | 2025-04-03 | 7.6 HIGH | N/A |
|
CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter.
|
|||||
| CVE-2005-3517 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php.
|
|||||
| CVE-2005-2114 | 1 Mozilla | 3 Camino, Firefox, Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.
|
|||||
| CVE-2001-0207 | 1 Pierre Beyssac | 1 Bing | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in bing allows remote attackers to execute arbitrary commands via a long hostname, which is copied to a small buffer after a reverse DNS lookup using the gethostbyaddr function.
|
|||||
| CVE-2000-0659 | 1 Analogx | 1 Proxy | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long user ID in a SOCKS4 CONNECT request.
|
|||||
| CVE-2005-0112 | 1 3com | 1 3crwe454g72 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin (2) profile.wlp?PN=ggg or (3) event.logs URLs.
|
|||||
| CVE-2006-3540 | 1 Zonelabs | 1 Zonealarm Security Suite | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument.
|
|||||
| CVE-2000-0596 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.
|
|||||
| CVE-2005-4804 | 1 Sun | 1 Java System Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications.
|
|||||
| CVE-2001-0768 | 1 Steve Poulsen | 1 Guildftpd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file.
|
|||||
| CVE-2005-3798 | 1 Alstrasoft | 1 Template Seller | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field.
|
|||||
| CVE-2006-1600 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
|
|||||
| CVE-2005-2317 | 1 Shorewall | 1 Shorewall | 2025-04-03 | 7.5 HIGH | N/A |
|
Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies.
|
|||||
| CVE-2003-0305 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.
|
|||||
| CVE-2006-3869 | 1 Microsoft | 1 Ie | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
|
|||||
| CVE-2000-1040 | 1 Suse | 1 Suse Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service.
|
|||||
| CVE-2005-2425 | 1 Ares | 1 Fileshare | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string.
|
|||||
| CVE-2005-0966 | 1 Rob Flynn | 1 Gaim | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
|
|||||
| CVE-2005-4130 | 1 Realnetworks | 1 Realplayer | 2025-04-03 | 7.5 HIGH | N/A |
|
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease ...
Show More |
|||||
| CVE-2001-0300 | 1 Oracle | 1 Internet Directory | 2025-04-03 | 2.1 LOW | N/A |
|
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
|
|||||
| CVE-2005-1456 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (abort).
|
|||||
| CVE-2005-1573 | 1 Darrel Oneil | 1 Asp Virtual News Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin_login.asp for ASP Virtual News Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.
|
|||||
| CVE-2006-4668 | 1 Rob Hensley | 1 Ackertodo | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command.
|
|||||
| CVE-2005-3874 | 1 Weaverslave | 1 Netzbrett | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php.
|
|||||
| CVE-1999-0930 | 1 Matt Wright | 1 Wwwboard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
wwwboard allows a remote attacker to delete message board articles via a malformed argument.
|
|||||
| CVE-2005-4032 | 1 Hotcgiscripts | 1 Easy Search System | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
|||||
| CVE-2001-0690 | 4 Conectiva, Debian, Redhat and 1 more | 4 Linux, Debian Linux, Linux and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
|
|||||
| CVE-2005-4269 | 1 Microsoft | 3 Ie, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.8 HIGH | N/A |
|
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerab ...
Show More |
|||||
| CVE-2005-4341 | 1 Blackboard | 1 Academic Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. NOTE: it is not clear whether this information is sensitive or not, so this might not be an exposure.
|
|||||
| CVE-1999-0157 | 1 Cisco | 2 Ios, Pix Firewall Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service.
|
|||||
| CVE-2006-3931 | 1 Tuomas Airaksinen | 1 Midirecord | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in the daemon function in midirecord.cc in Tuomas Airaksinen Midirecord 2.0 allows local users to execute arbitrary code via a long command line argument (filename). NOTE: This may not be a vulnerability if Midirecord is not installed setuid.
|
|||||
| CVE-2006-4207 | 1 Bob Jewell | 1 Discloser | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/content.php or (2) /inc/indexhead.php.
|
|||||