Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-1505 | 1 Id Software | 1 Quakeworld | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary commands via a long initial connect packet. |
| CVE-1999-1436 | 1 Ray Chan | 1 Www Authorization Gateway | 2025-04-03 | 7.5 HIGH | N/A | Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "user" parameter. |
| CVE-2002-1501 | 1 Enterasys | 1 Smartswitch Ssr8000 | 2025-04-03 | 5.0 MEDIUM | N/A | The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. |
| CVE-2006-1263 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| CVE-2005-1756 | 1 Novell | 1 Netmail | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields. |
| CVE-1999-0013 | 1 Ssh | 1 Ssh | 2025-04-03 | 7.5 HIGH | 8.4 HIGH | Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. |
| CVE-2006-4053 | 1 Ehmig | 1 Me Download System | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter. |
| CVE-2000-0173 | 1 Sco | 1 Unixware | 2025-04-03 | 5.0 MEDIUM | N/A | Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service. |
| CVE-2006-2861 | 1 Particle Soft | 1 Particle Wiki | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. |
| CVE-2005-4014 | 1 Php Web | 1 Statistik | 2025-04-03 | 7.8 HIGH | N/A | stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value. |
| CVE-2005-1755 | 1 Php Poll Creator | 1 Php Poll Creator | 2025-04-03 | 6.4 MEDIUM | N/A | PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter. |
| CVE-2006-3498 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 10.0 HIGH | N/A | Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request. |
| CVE-2000-0054 | 1 Solution Scripts | 1 Home Free | 2025-04-03 | 5.0 MEDIUM | N/A | search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack. |
| CVE-2005-2481 | 1 Macromedia | 1 Coldfusion Fusebox | 2025-04-03 | 5.0 MEDIUM | N/A | ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character. |
| CVE-2002-0870 | 1 Cisco | 2 Content Services Switch 11000, Webns | 2025-04-03 | 7.5 HIGH | N/A | The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549. |
| CVE-2005-2145 | 1 Prevx | 1 Prevx Pro 2005 | 2025-04-03 | 4.6 MEDIUM | N/A | The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows local users to bypass protection by sending certain messages to the driver, as demonstrated by sending an "allow" message to bypass a warning message. |
| CVE-1999-1449 | 1 Sun | 1 Sunos | 2025-04-03 | 2.1 LOW | N/A | SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device. |
| CVE-2006-0155 | 1 427bb | 1 Fourtwosevenbb | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI. |
| CVE-2000-0512 | 1 Debian | 1 Debian Linux | 2025-04-03 | 5.0 MEDIUM | N/A | CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service. |
| CVE-2005-2682 | 1 Dtlink | 1 Areaedit | 2025-04-03 | 7.5 HIGH | N/A | aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before 0.4.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the dictionary parameter (aka the lang variable). |
| CVE-2003-0212 | 1 Rinetd | 1 Rinetd | 2025-04-03 | 7.5 HIGH | N/A | handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections. |
| CVE-2005-2607 | 1 Phpsimplicity | 1 Simplicity Of Upload | 2025-04-03 | 5.0 MEDIUM | N/A | PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") character. |
| CVE-2005-1198 | 1 Anaconda Partners | 1 Foundation Directory | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter. |
| CVE-1999-0429 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 7.5 HIGH | N/A | The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. |
| CVE-2006-2772 | 1 Hogstorps | 1 Hogstorp Guestbook | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-2928 | 1 Cms-bandits | 1 Cms-bandits | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php. |
| CVE-2006-0511 | 1 Blackboard | 2 Blackboard, Blackboard Academic Suite | 2025-04-03 | 4.3 MEDIUM | N/A | Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product." |
| CVE-2006-2981 | 1 Arantius | 1 Vice Stats | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in vs_search.php in Arantius Vice Stats before 1.0.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2006-2972. |
| CVE-2004-2402 | 1 Yabb | 1 Yabb | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect. |
| CVE-2004-1292 | 1 Michael Kohn | 1 Ringtonetools | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the parse_emelody function in parse_emelody.c for ringtonetools 2.22 allows remote attackers to execute arbitrary code via a crafted eMelody file. |
| CVE-1999-0845 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in SCO su program allows local users to gain root access via a long username. |
| CVE-2000-0125 | 1 Wired Community Software | 1 Wwwthreads | 2025-04-03 | 7.5 HIGH | N/A | wwwthreads does not properly cleanse numeric data or table names that are passed to SQL queries, which allows remote attackers to gain privileges for wwwthreads forums. |
| CVE-2005-1873 | 1 Crob | 1 Crob Ftp | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier versions, allow remote attackers to execute arbitrary code via (1) an FTP command with a large string followed by the RMD command with a long string or (2) a globbing ("*") character followed by a long string. |
| CVE-2000-0521 | 1 Michael Lamont | 1 Savant Webserver | 2025-04-03 | 5.0 MEDIUM | N/A | Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number. |
| CVE-2003-0638 | 1 Novell | 1 Ichain | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login." |
| CVE-2006-2849 | 1 Andrew Godwin | 1 Bytehoard | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfig[bhfilepath] parameter. |
| CVE-2005-0140 | 1 Peid | 1 Peid | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name. |
| CVE-2005-4366 | 1 Fad Solutions | 1 Drzes Hms | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domai ... |
| CVE-2004-1466 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 7.5 HIGH | N/A | The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute arbitrary scripts before they are deleted, if the temporary directory is under the web root. |
| CVE-2005-4553 | 1 Kmint21 Software | 1 Golden Ftp Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long APPE command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |