Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1002 | 1 Netscape | 1 Communicator | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netscape Navigator uses weak encryption for storing a user's Netscape mail password.
|
|||||
| CVE-2005-3886 | 1 Cisco | 1 Security Agent | 2025-04-03 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software.
|
|||||
| CVE-2004-2229 | 1 Oracle | 1 Database Server Lite | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges.
|
|||||
| CVE-2000-1168 | 1 Ibm | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A |
|
IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
|
|||||
| CVE-2004-0397 | 1 Subversion | 1 Subversion | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
|
|||||
| CVE-2000-0906 | 1 Moreover.com | 1 Cached Feed.cgi Script | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters.
|
|||||
| CVE-2002-0667 | 1 Pingtel | 1 Xpressa | 2025-04-03 | 10.0 HIGH | N/A |
|
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone.
|
|||||
| CVE-2005-4528 | 1 Chatspot | 1 Chatspot | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2004-0559 | 3 Mandrakesoft, Usermin, Webmin | 4 Mandrake Linux, Mandrake Linux Corporate Server, Usermin and 1 more | 2025-04-03 | 2.1 LOW | N/A |
|
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
|
|||||
| CVE-2000-0313 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.
|
|||||
| CVE-2006-1175 | 1 Weonlydo | 1 Weonlydo Sftp | 2025-04-03 | 4.0 MEDIUM | N/A |
|
The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page.
|
|||||
| CVE-1999-1299 | 2 Redhat, Slackware | 2 Linux, Slackware Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.
|
|||||
| CVE-1999-0737 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
|
|||||
| CVE-2006-0425 | 1 Oracle | 1 Weblogic Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors.
|
|||||
| CVE-2003-0418 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses.
|
|||||
| CVE-2005-0337 | 3 Redhat, Suse, Wietse Venema | 4 Enterprise Linux, Enterprise Linux Desktop, Suse Linux and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
|
|||||
| CVE-2002-1616 | 1 Hp | 1 Tru64 | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.
|
|||||
| CVE-2002-0739 | 1 Postnuke Software Foundation | 1 Postcalendar | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page.
|
|||||
| CVE-2006-3207 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using "[NR]" sequences in the message parameter, then calling close.php with modified id and t_id parameters to chmod the script. NOTE: this issue might be resultant from dynamic variable evaluation.
|
|||||
| CVE-2006-2538 | 2 Ie Tab, Mozilla | 2 Ie Tab, Firefox | 2025-04-03 | 2.6 LOW | N/A |
|
IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability.
|
|||||
| CVE-2005-3434 | 1 Archilles | 1 Newsworld | 2025-04-03 | 7.5 HIGH | N/A |
|
Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges.
|
|||||
| CVE-2002-1031 | 1 Key Focus | 1 Kf Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
KeyFocus (KF) web server 1.0.2 allows remote attackers to list directories and read restricted files via an HTTP request containing a %00 (null) character.
|
|||||
| CVE-2006-3006 | 1 Ifoto | 1 Ifoto | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly other versions before 0.50, allows remote attackers to inject arbitrary HTML or web script via a base64-encoded file parameter.
|
|||||
| CVE-2004-1618 | 1 Vypress | 1 Tonecast | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vypress Tonecast 1.3 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed mp2 stream.
|
|||||
| CVE-2002-0538 | 1 Symantec | 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability.
|
|||||
| CVE-2002-0799 | 1 Youngzsoft | 1 Cmailserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.
|
|||||
| CVE-2005-4545 | 1 Netdirect | 1 Shopengine | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ShopEngine allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2005-2441 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php.
|
|||||
| CVE-2004-2680 | 1 Apache | 1 Mod Python | 2025-04-03 | 5.0 MEDIUM | N/A |
|
mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
|
|||||
| CVE-2002-1406 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior."
|
|||||
| CVE-2005-1551 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot.
|
|||||
| CVE-2005-2694 | 1 Winace | 1 Winace | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, allows remote attackers to execute arbitrary code via a temporary (.tmp) file that contains an entry with a long file name.
|
|||||
| CVE-2006-2830 | 1 Tibco | 3 Hawk, Rendezvous, Runtime Agent | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface.
|
|||||
| CVE-2006-1045 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
|
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.
|
|||||
| CVE-2000-0401 | 1 Pdgsoft | 1 Pdg Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping cart allow remote attackers to execute arbitrary commands via a long query string.
|
|||||
| CVE-2006-1399 | 1 Php Lite | 1 Meeting Reserve | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in searchresult.php in Meeting Reserve 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2000-1089 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
|
|||||
| CVE-2003-0604 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A |
|
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
|
|||||
| CVE-1999-1241 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 10.0 HIGH | N/A |
|
Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.
|
|||||
| CVE-2006-1723 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
|
|||||