Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-0127 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A | The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. |
| CVE-2002-0343 | 1 Hotline Communications | 1 Hotline Connect | 2025-04-03 | 4.6 MEDIUM | N/A | Hotline Client 1.8.5 stores sensitive user information, including passwords, in plaintext in the bookmarks file, which could allow local users with access to the bookmarks file to gain privileges by extracting the passwords. |
| CVE-2002-0421 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr, or (4) aexp4.htr. |
| CVE-2004-0204 | 4 Bea, Borland Software, Businessobjects and 1 more | 9 Weblogic Server, J Builder, Crystal Enterprise and 6 more | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. |
| CVE-2005-2278 | 1 Mailenable | 1 Mailenable Professional | 2025-04-03 | 7.2 HIGH | N/A | Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name. |
| CVE-2006-1042 | 1 Gregarius | 1 Gregarius | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) folder parameter to feed.php or (2) rss_query parameter to search.php. |
| CVE-2006-1801 | 1 Planet Concept | 1 Planetsearch\+ | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter. |
| CVE-2005-4156 | 1 Mambo | 1 Mambo Open Source 4.5 | 2025-04-03 | 9.4 HIGH | N/A | Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character. |
| CVE-2005-3221 | 1 Fortinet | 1 Fortinet Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple interpretation error in unspecified versions of Fortinet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. |
| CVE-2005-4760 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.1 MEDIUM | N/A | BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected." |
| CVE-1999-1377 | 1 Matt Wright | 1 Download.cgi | 2025-04-03 | 5.0 MEDIUM | N/A | Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. |
| CVE-2005-1427 | 1 Uapplication | 1 Uphotogallery | 2025-04-03 | 7.5 HIGH | N/A | Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb. |
| CVE-2006-1152 | 1 M Phorum | 1 M Phorum | 2025-04-03 | 5.0 MEDIUM | N/A | PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 allows remote attackers to include arbitrary files via the go parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2005-2624 | 1 Cpaint | 1 Cpaint | 2025-04-03 | 5.0 MEDIUM | N/A | Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement. |
| CVE-2006-0671 | 1 Sony Ericsson | 4 K600i, T68i, V600i and 1 more | 2025-04-03 | 7.8 HIGH | N/A | Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet. |
| CVE-2006-1300 | 1 Microsoft | 1 .net Framework | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name." |
| CVE-1999-0390 | 2 Redhat, Suse | 2 Linux, Suse Linux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Dosemu Slang library in Linux. |
| CVE-2002-1643 | 1 Realnetworks | 1 Helix Universal Server | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments. |
| CVE-2000-0487 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 3.6 LOW | N/A | The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability. |
| CVE-2002-0261 | 1 Instantservers Inc. | 1 Miniportal | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... (modified dot dot) in the GET command. |
| CVE-1999-1372 | 1 Triactive | 1 Remote Management | 2025-04-03 | 4.6 MEDIUM | N/A | Triactive Remote Manager with Basic authentication enabled stores the username and password in cleartext in registry keys, which could allow local users to gain privileges. |
| CVE-2006-1717 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 5.1 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username. |
| CVE-2006-4114 | 1 Phpmyring | 1 Phpmyring | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter. |
| CVE-2006-4119 | 1 Chaossoft | 1 Geheimchaos | 2025-04-03 | 5.1 MEDIUM | N/A | SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-1999-1196 | 1 Hummingbird | 1 Exceed | 2025-04-03 | 5.0 MEDIUM | N/A | Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000. |
| CVE-2002-1187 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the `<frame>` or `<iframe>` element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource. |
| CVE-2000-1128 | 1 Mcafee | 1 Virusscan | 2025-04-03 | 4.6 MEDIUM | N/A | The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory. |
| CVE-2002-0397 | 1 Red-m | 1 1050ap Lan Acess Point | 2025-04-03 | 5.0 MEDIUM | N/A | Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887. |
| CVE-2002-0977 | 1 Microsoft | 1 File Transfer Manager | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to execute arbitrary code via a long TS value. |
| CVE-2004-1087 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2025-04-03 | 2.1 LOW | N/A | Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user. |
| CVE-2005-3292 | 1 Xeobook | 1 Xeobook | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 allow remote attackers to inject arbitrary web script or HTML via Javascript events in tags such as `<b>`. |
| CVE-2003-1030 | 1 Dameware Development | 1 Mini Remote Control Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129. |
| CVE-2000-0399 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name. |
| CVE-2001-0993 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A | sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length. |
| CVE-2006-4715 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2000-0009 | 1 Nortel | 1 Optivity Net Architect | 2025-04-03 | 7.2 HIGH | N/A | The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands. |
| CVE-2004-0310 | 1 Livejournal | 1 Livejournal | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses, as demonstrated using a background:url. |
| CVE-2006-0314 | 1 Pdfdirectory | 1 Pdfdirectory | 2025-04-03 | 7.5 HIGH | N/A | PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users' passwords by direct queries to the database, possibly via one of the SQL injection vulnerabilities. |
| CVE-2002-0030 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-03 | 4.6 MEDIUM | N/A | The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe. |
| CVE-2006-3959 | 1 X-scripts | 1 X-statistics | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter. |