Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-0258 | 1 Cisco | 7 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client, Vpn 3005 Concentrator Software and 4 more | 2025-04-03 | 7.5 HIGH | N/A | Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication. |
| CVE-2005-1392 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 4.6 MEDIUM | N/A | The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script. |
| CVE-2005-4323 | 1 Hitachi | 3 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client | 2025-04-03 | 7.8 HIGH | N/A | Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to cause a denial of service of unspecified impact via repeated invalid requests to the Schedule component. |
| CVE-2006-1124 | 1 Revilloc Solutions | 1 Revilloc Mailserver | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote attackers to execute arbitrary code via a long USER command. |
| CVE-2003-1031 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." |
| CVE-2006-0181 | 1 Cisco | 1 Cs-mars | 2025-04-03 | 7.2 HIGH | N/A | Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. |
| CVE-2005-0577 | 1 Dna | 1 Mkbold-mkitalic | 2025-04-03 | 5.1 MEDIUM | N/A | Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files. |
| CVE-2002-1145 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 10.0 HIGH | N/A | The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. |
| CVE-2003-0760 | 1 Optisoft | 1 Blubster | 2025-04-03 | 5.0 MEDIUM | N/A | Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701. |
| CVE-2002-1477 | 1 The Cacti Group | 1 Cacti | 2025-04-03 | 7.5 HIGH | N/A | graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode. |
| CVE-2006-2589 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code. |
| CVE-1999-0476 | 1 Sco | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A | A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. |
| CVE-2005-0895 | 1 Netcomm | 1 Nb1300 | 2025-04-03 | 5.0 MEDIUM | N/A | Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of service (device hang) via a large number of ping packets. |
| CVE-2003-1136 | 1 Chi Kien Uong | 1 Chi Kien Uong Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL. |
| CVE-2001-1326 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 7.5 HIGH | N/A | Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments. |
| CVE-2006-1200 | 1 Daverave | 1 Link Bank | 2025-04-03 | 7.5 HIGH | N/A | Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement. |
| CVE-2006-4859 | 1 Limbo Cms | 1 Limbo Cms | 2025-04-03 | 7.5 HIGH | N/A | Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression. |
| CVE-2005-2058 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php. |
| CVE-2005-1992 | 1 Yukihiro Matsumoto | 1 Ruby | 2025-04-03 | 7.5 HIGH | N/A | The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. |
| CVE-2004-1663 | 5 Broadcom, Brocade, Engenio and 2 more | 6 Fabric Operating System, Silkworm, Silkworm Fiber Channel Switch and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A | Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. |
| CVE-2006-4847 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2025-04-03 | 6.5 MEDIUM | N/A | Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. |
| CVE-2005-2887 | 1 Maxdev | 1 Md-pro | 2025-04-03 | 5.0 MEDIUM | N/A | MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) wiki.php, (2) AutoTheme directory, (3) Blocks directory, (4) admin.php, (5) pnadmin.php, or (6) Topics directory, which reveal the path in an error message. |
| CVE-2004-1205 | 1 Pntresmailer | 1 Pntresmailer | 2025-04-03 | 5.0 MEDIUM | N/A | codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message. |
| CVE-2004-0357 | 1 Seattle Lab Software | 1 Slmail Pro | 2025-04-03 | 10.0 HIGH | N/A | Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attackers to execute arbitrary code via (1) user.dll, (2) loadpageadmin.dll or (3) loadpageuser.dll. |
| CVE-2006-4324 | 1 Cityforfree | 1 Indexcity | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
| CVE-2005-3706 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 6.4 MEDIUM | N/A | Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory. |
| CVE-2001-1215 | 1 Michael Baumer | 1 Pfinger | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file. |
| CVE-2006-1044 | 1 Lsoft | 1 Listserv | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603. |
| CVE-2005-1242 | 1 Bsafe | 1 Global Security | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. |
| CVE-2004-2623 | 1 Matthew Skala | 1 Rippy The Aggregator | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter." |
| CVE-2006-1900 | 1 W3c | 1 Amaya | 2025-04-03 | 7.6 HIGH | N/A | Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets." |
| CVE-2004-1558 | 1 Ypops | 1 Ypops | 2025-04-03 | 7.5 HIGH | N/A | Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request. |
| CVE-2003-0426 | 1 Apple | 1 Darwin Streaming Server | 2025-04-03 | 10.0 HIGH | N/A | The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator. |
| CVE-2004-0681 | 1 Comersus Open Technologies | 1 Comersus Cart | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter. |
| CVE-2006-0653 | 1 Hinton Design | 1 Phpht Topsites | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter. |
| CVE-2005-2023 | 1 Suse | 1 Suse Linux | 2025-04-03 | 10.0 HIGH | N/A | The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail. |
| CVE-2003-0594 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 7.5 HIGH | N/A | Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. |
| CVE-2005-4332 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2025-04-03 | 9.4 HIGH | N/A | Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp. |
| CVE-2006-3925 | 1 Interactual Technologies | 1 Interactual Player | 2025-04-03 | 6.4 MEDIUM | N/A | Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control in iarecord.dll in InterActual Player before 2.6 allows remote attackers to execute arbitrary code via a long argument to the Files method. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2000-0175 | 1 Sun | 1 Staroffice | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command. |