Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-1658 | 1 Chucky A. Ivey | 1 N.t. | 2025-04-03 | 7.5 HIGH | N/A | Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included by other N.T. scripts. |
| CVE-2006-3910 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A | Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference. |
| CVE-2006-4940 | 1 Moodle | 1 Moodle | 2025-04-03 | 5.0 MEDIUM | N/A | login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action. |
| CVE-2000-0852 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A | Multiple buffer overflows in eject on FreeBSD and possibly other OSes allow local users to gain root privileges. |
| CVE-2003-0167 | 1 Mutt | 1 Mutt | 2025-04-03 | 7.5 HIGH | N/A | Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140. |
| CVE-2004-1015 | 3 Carnegie Mellon University, Redhat, Ubuntu | 3 Cyrus Imap Server, Fedora Core, Ubuntu Linux | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011. |
| CVE-2001-0011 | 1 Isc | 1 Bind | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. |
| CVE-2004-2328 | 1 Clearswift | 1 Mailsweeper | 2025-04-03 | 5.0 MEDIUM | N/A | Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive attached. |
| CVE-2001-1347 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A | Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes. |
| CVE-2004-1179 | 1 Debian | 1 Debmake | 2025-04-03 | 2.1 LOW | N/A | The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories. |
| CVE-2003-1298 | 1 Anyportal Php | 1 Anyportal Php | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot). |
| CVE-2001-0772 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges. |
| CVE-2006-2729 | 1 Jan Chmelik | 1 Photoalbum Bandw | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the gal parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-1999-1420 | 1 N-base | 5 Nh2012, Nh2012r, Nh2015 and 2 more | 2025-04-03 | 10.0 HIGH | N/A | NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door password that cannot be disabled, which allows remote attackers to modify the switch's configuration. |
| CVE-2001-1023 | 1 Xcache Technologies | 1 Xcache | 2025-04-03 | 5.0 MEDIUM | N/A | Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header. |
| CVE-2001-0083 | 1 Microsoft | 1 Windows Media Services | 2025-04-03 | 5.0 MEDIUM | N/A | Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability. |
| CVE-2004-1586 | 1 Jera Technology | 1 Flash Messaging Server | 2025-04-03 | 2.1 LOW | N/A | Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected. |
| CVE-2006-2030 | 1 Alliedtelesyn | 1 At-9724ts | 2025-04-03 | 5.0 MEDIUM | N/A | The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing. |
| CVE-2004-1171 | 3 Kde, Mandrakesoft, Redhat | 3 Kde, Mandrake Linux, Fedora Core | 2025-04-03 | 2.1 LOW | N/A | KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials in plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. |
| CVE-2003-0135 | 1 Redhat | 1 Linux | 2025-04-03 | 7.5 HIGH | N/A | vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended. |
| CVE-2004-2336 | 1 Novell | 2 Groupwise, Netware | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server. |
| CVE-2000-0614 | 1 Suse | 1 Suse Linux | 2025-04-03 | 10.0 HIGH | N/A | Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output. |
| CVE-2005-0843 | 1 Phorum | 1 Phorum | 2025-04-03 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header. |
| CVE-2005-4550 | 1 Oracle | 1 Application Server Discussion Forum Portlet | 2025-04-03 | 5.0 MEDIUM | N/A | The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00). |
| CVE-2005-2245 | 1 F5 | 1 Tmos | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers. |
| CVE-2004-1378 | 1 Jabberstudio | 2 Jabberd, Jadc2s | 2025-04-03 | 5.0 MEDIUM | N/A | The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections. |
| CVE-2005-1944 | 1 Xmysqladmin | 1 Xmysqladmin | 2025-04-03 | 2.1 LOW | N/A | xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp. |
| CVE-2006-0124 | 1 Adn Forum | 1 Adn Forum | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field. |
| CVE-1999-0584 | | | 2025-04-03 | 10.0 HIGH | N/A | A Windows NT file system is not NTFS. |
| CVE-2001-0104 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 7.2 HIGH | N/A | MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key. |
| CVE-2006-0995 | 1 Emc Dantz | 1 Retrospect | 2025-04-03 | 5.0 MEDIUM | N/A | EMC Dantz Retrospect 7 backup client 7.0.107, and other versions before 7.0.109, and 6.5 before 6.5.138 allows remote attackers to cause a denial of service (client termination and loss of backup service) via a malformed packet to TCP port 497, which triggers an assert error. |
| CVE-2006-2442 | 1 Kphone | 1 Kphone | 2025-04-03 | 4.6 MEDIUM | N/A | kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. |
| CVE-2006-2992 | 1 My Photo Scrapbook | 1 My Photo Scrapbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in display.asp in My Photo Scrapbook 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the key_m parameter. |
| CVE-2003-0171 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A | DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program. |
| CVE-2006-1538 | 1 Enova | 1 X-wall Asic | 2025-04-03 | 4.9 MEDIUM | N/A | The Enova X-Wall ASIC encrypts with a key obtained via Microwire from a serial EEPROM that stores the key in cleartext, which allows local users with physical access to obtain the key by reading and duplicating an EEPROM that is located on a hardware token, or by sniffing the Microwire bus. |
| CVE-2000-0935 | 1 Samba | 1 Samba | 2025-04-03 | 7.2 HIGH | N/A | Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. |
| CVE-2001-1193 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command. |
| CVE-2000-0013 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A | IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program. |
| CVE-2005-0272 | 1 Photopost | 1 Reviewpost Php Pro | 2025-04-03 | 7.5 HIGH | N/A | ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions. |
| CVE-1999-1329 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges. |