Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2001-1501 | 1 Proftpd Project | 1 Proftpd | 2025-04-03 | 5.0 MEDIUM | N/A | The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument. |
| CVE-2004-0713 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 6.4 MEDIUM | N/A | The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown. |
| CVE-2001-0724 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664. |
| CVE-2003-0211 | 1 Xinetd | 1 Xinetd | 2025-04-03 | 5.0 MEDIUM | N/A | Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections. |
| CVE-2001-0064 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 5.0 MEDIUM | N/A | Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string. |
| CVE-2006-1808 | 1 Lifetype | 1 Lifetype | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation. |
| CVE-2004-0526 | 1 Microsoft | 4 Ie, Internet Explorer, Outlook and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. |
| CVE-2005-2082 | 1 Cgi-club | 1 Imtrset | 2025-04-03 | 5.0 MEDIUM | N/A | im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the df parameter. |
| CVE-2005-1080 | 1 Sun | 1 Sdk | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file. |
| CVE-2004-0928 | 2 Hitachi, Macromedia | 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". |
| CVE-1999-0676 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A | sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. |
| CVE-2006-2777 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. |
| CVE-2000-0980 | 1 Microsoft | 4 Windows 95, Windows 98, Windows 98se and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network. |
| CVE-2003-0366 | 1 Lysator | 1 Lyskom-server | 2025-04-03 | 5.0 MEDIUM | N/A | lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query. |
| CVE-2003-1082 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068. |
| CVE-1999-0346 | 1 Php | 1 Php Fi | 2025-04-03 | 5.0 MEDIUM | N/A | CGI PHP mlog script allows an attacker to read any file on the target server. |
| CVE-2000-0151 | 1 Gnu | 1 Make | 2025-04-03 | 6.2 MEDIUM | N/A | GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. |
| CVE-2005-1280 | 1 Lbl | 1 Tcpdump | 2025-04-03 | 5.0 MEDIUM | N/A | The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. |
| CVE-2002-1042 | 2 Netscape, Sun | 4 Enterprise Server, Iplanet Web Server, One Application Server and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter. |
| CVE-2002-0005 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame). |
| CVE-1999-0947 | 1 An | 1 An-httpd | 2025-04-03 | 7.5 HIGH | N/A | AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. |
| CVE-2002-0405 | 1 Transsoft | 1 Broker Ftp Server | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters. |
| CVE-2002-1354 | 1 Typsoft | 1 Typsoft Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows local users to list the contents of arbitrary directories via a ... (dot dot dot) in the cd/CWD command. |
| CVE-2001-0074 | 1 Technote Inc | 1 Technote | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the board parameter. |
| CVE-2004-1281 | 1 Junkie | 1 Junkie Ftp Client | 2025-04-03 | 5.0 MEDIUM | N/A | The ftp_retr function in junkie 0.3.1 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in a filename. |
| CVE-2002-1004 | 1 Argosoft | 1 Argosoft Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL. |
| CVE-2005-4168 | 1 Efiction Project | 1 Efiction | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the username. |
| CVE-1999-0009 | 11 Bsdi, Caldera, Data General and 8 more | 13 Bsd Os, Openlinux, Dg Ux and 10 more | 2025-04-03 | 10.0 HIGH | N/A | Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
| CVE-1999-0924 | 1 Allaire | 1 Coldfusion Server | 2025-04-03 | 5.0 MEDIUM | N/A | The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. |
| CVE-2006-0211 | 1 Helm Hosting | 1 Helm Hosting Control Panel | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter. |
| CVE-2004-2098 | 1 Native Solutions | 1 Tbe Banner Engine | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability. |
| CVE-2005-3850 | 1 Onlinetechtools.com | 1 Okbsys Lite | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter. |
| CVE-2005-2943 | 1 Davide Libenzi | 1 Xmail | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option. |
| CVE-2005-4808 | 2 Canonical, Gnu | 2 Ubuntu Linux, Binutils | 2025-04-03 | 7.6 HIGH | N/A | Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. |
| CVE-2002-1468 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root. |
| CVE-2004-0251 | 1 Rxgoogle.cgi | 1 Rxgoogle.cgi | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter. |
| CVE-2001-0357 | 1 Matt Wright | 1 Formmail | 2025-04-03 | 7.5 HIGH | N/A | FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters. |
| CVE-2005-0229 | 1 Citrusdb | 1 Citrusdb Customer Database | 2025-04-03 | 5.0 MEDIUM | N/A | CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt. |
| CVE-2005-1659 | 1 Myserver | 1 Myserver | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event. |
| CVE-2004-1673 | 1 Icewarp | 1 Web Mail | 2025-04-03 | 7.5 HIGH | N/A | accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter. |