Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-0087 | 2 Alsa-project, Redhat | 2 Alsa-lib, Enterprise Linux | 2025-04-03 | 4.6 MEDIUM | N/A | The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library. |
| CVE-2000-0528 | 1 Network Associates | 1 Net Tools Pki Server | 2025-04-03 | 5.0 MEDIUM | N/A | Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files. |
| CVE-2002-0306 | 1 Avengers News System | 1 Avengers News System | 2025-04-03 | 7.5 HIGH | N/A | ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter. |
| CVE-1999-1269 | 1 Kde | 1 Kde Beta 3 | 2025-04-03 | 2.1 LOW | N/A | Screen savers in KDE beta 3 allow local users to overwrite arbitrary files via a symlink attack on the .kss.pid file. |
| CVE-2000-0030 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A | Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database. |
| CVE-2005-0320 | 1 Icewarp | 1 Web Mail | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html. |
| CVE-2006-4312 | 1 Cisco | 9 Adaptive Security Appliance, Pix Firewall 501, Pix Firewall 506 and 6 more | 2025-04-03 | 6.8 MEDIUM | N/A | Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), cause the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access. |
| CVE-2004-2142 | 1 Jorg Schilling | 1 Sdd | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in the remote tape support (remote.c) in the RMT client for Jorg Schilling sdd 1.28 and 1.31 has unknown impact and attack vectors. |
| CVE-2001-0572 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2025-04-03 | 7.5 HIGH | N/A | The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. |
| CVE-2005-3222 | 1 Vba32 | 1 Vba32 Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple interpretation error in unspecified versions of VBA32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. |
| CVE-2002-0908 | 1 Cisco | 1 Ids Device Manager | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request. |
| CVE-2005-2315 | 1 Dnrd | 1 Dnrd | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to execute arbitrary code via a large number of large DNS packets with the Z and QR flags cleared. |
| CVE-2006-4034 | 1 Moderngigabyte | 1 Modernbill | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter. |
| CVE-2003-1246 | 1 Pedestal Software | 1 Integrity Protection Driver | 2025-04-03 | 2.1 LOW | N/A | NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command. |
| CVE-2002-0861 | 1 Microsoft | 2 Office Web Components, Project | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object. |
| CVE-2002-0690 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-03 | 10.0 HIGH | N/A | Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings. |
| CVE-2004-1888 | 1 Aborior | 1 Encore Web Forum | 2025-04-03 | 7.5 HIGH | N/A | display.cgi in Aborior Encore WebForum allows remote attackers to execute arbitrary commands via shell metacharacters in the file variable. |
| CVE-2002-0733 | 1 Acme Labs | 1 Thttpd | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message. |
| CVE-2002-1544 | 1 Cooolsoft | 1 Personal Ftp Server | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via .. (dot dot) sequences in the commands (1) LIST (ls), (2) mkdir, (3) put, or (4) get. |
| CVE-1999-0206 | 1 Eric Allman | 1 Sendmail | 2025-04-03 | 10.0 HIGH | N/A | MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. |
| CVE-2006-2841 | 1 Associated | 1 Associated Cms | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php. |
| CVE-2005-1073 | 1 Radscripts | 1 Radbids | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter. |
| CVE-2003-0885 | 1 Xscreensaver | 1 Xscreensaver | 2025-04-03 | 6.4 MEDIUM | N/A | Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2001-1176 | 1 Checkpoint | 3 Firewall-1, Provider-1, Vpn-1 | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection. |
| CVE-2005-4814 | 1 Middlebury College | 1 Segue Cms | 2025-04-03 | 7.5 HIGH | N/A | Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory. |
| CVE-2005-1097 | 1 Rebrand | 1 P2p Share Spy | 2025-04-03 | 4.6 MEDIUM | N/A | Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the txtPassword value in the registry, which allows local users to gain privileges. |
| CVE-2001-0669 | 4 Cisco, Enterasys, Iss and 1 more | 6 Catalyst 6000 Intrusion Detection System Module, Secure Intrusion Detection System, Dragon and 3 more | 2025-04-03 | 7.5 HIGH | N/A | Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL. |
| CVE-2005-2762 | 1 Avaya | 1 Vpnremote | 2025-04-03 | 2.1 LOW | N/A | Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials. |
| CVE-2002-0790 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A | clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges. |
| CVE-2002-0273 | 1 Netwin | 1 Cwmail | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter. |
| CVE-2005-4415 | 1 Tml | 1 Tml | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter. |
| CVE-2004-2356 | 1 Fizmez | 1 Fizmez Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Early termination vulnerability in Fizmez Web Server 1.0 allows remote attackers to cause a denial of service (crash) by connecting to the server and then disconnecting without sending any data, which triggers a null pointer dereference. |
| CVE-2001-0998 | 1 Ibm | 2 Aix, Hacmp | 2025-04-03 | 5.0 MEDIUM | N/A | IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd. |
| CVE-2003-0821 | 1 Microsoft | 2 Word, Works | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Excel 97, 2000, and 2002 allow remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model. |
| CVE-2006-1847 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allow remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2005-4270 | 1 Watchfire | 1 Appscan Qa | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field. |
| CVE-2002-1558 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 10.0 HIGH | N/A | Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet. |
| CVE-2000-0995 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges via a malformed name. |
| CVE-2004-2307 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A. |
| CVE-2005-0589 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A | The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability. |