Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-1405 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A | snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a. |
| CVE-2004-1797 | 1 Freznoshop | 1 Freznoshop | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| CVE-2001-0171 | 1 Whitsoft | 1 Slimserve | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long GET request. |
| CVE-2005-1478 | 1 Netwin | 1 Dmail | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command. |
| CVE-2002-1008 | 1 Summit Computer Networks | 1 Lil Http Server | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request. |
| CVE-2004-1526 | 1 New Media Generation | 1 Hired Team Trial | 2025-04-03 | 7.5 HIGH | N/A | Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator. |
| CVE-1999-1353 | 1 Nosque | 1 Msgcore | 2025-04-03 | 4.6 MEDIUM | N/A | Nosque MsgCore 2.14 stores passwords in cleartext: (1) the administrator password in the AdmPasswd registry key, and (2) user passwords in the Userbase.dbf data file, which could allow local users to gain privileges. |
| CVE-2003-0754 | 1 Newsphp | 1 Newsphp | 2025-04-03 | 7.5 HIGH | N/A | nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass authentication via an HTTP request with a modified nphp_users array, which is used for authentication. |
| CVE-2005-1043 | 6 Apple, Conectiva, Peachtree and 3 more | 7 Mac Os X, Mac Os X Server, Linux and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A | exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. |
| CVE-2004-1589 | 1 Gosmart | 1 Gosmart Message Board | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp. |
| CVE-2006-0315 | 1 Indexcor | 1 Ezdatabase | 2025-04-03 | 5.8 MEDIUM | N/A | index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure. |
| CVE-2004-0479 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A | Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference. |
| CVE-2001-0194 | 1 Easy Software Products | 1 Cups | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line. |
| CVE-2001-0943 | 1 Oracle | 1 Database Server | 2025-04-03 | 7.2 HIGH | N/A | dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs. |
| CVE-2000-0920 | 1 Boa | 1 Boa Webserver | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "." |
| CVE-1999-0834 | 1 Rsa | 1 Rsaref | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library. |
| CVE-1999-0871 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A | Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability. |
| CVE-2005-1245 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-1999-0937 | | | 2025-04-03 | 10.0 HIGH | N/A | BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. |
| CVE-2002-1576 | 1 Sap | 1 Sap Db | 2025-04-03 | 7.2 HIGH | N/A | lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program. |
| CVE-2001-1285 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter. |
| CVE-2005-0859 | 1 Czaries Network | 1 Czarnews | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14. |
| CVE-2005-4631 | 1 Ryan Lath | 1 Zina | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter. |
| CVE-2001-0391 | 1 Imatix | 1 Xitami | 2025-04-03 | 5.0 MEDIUM | N/A | Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory. |
| CVE-2005-2935 | 1 Microsoft | 1 Antispyware | 2025-04-03 | 4.6 MEDIUM | N/A | Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. NOTE: it is not clear whether this overlaps CVE-2005-2940. |
| CVE-2006-3094 | 1 Vincent Hor | 1 Calendarix Basic | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php. |
| CVE-2005-3129 | 1 S9y | 1 Serendipity | 2025-04-03 | 5.1 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php. |
| CVE-2003-0469 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag. |
| CVE-2005-4358 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A | admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message. |
| CVE-2001-0658 | 1 Microsoft | 1 Isa Server | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message. |
| CVE-1999-1348 | 1 Redhat | 1 Linux | 2025-04-03 | 2.1 LOW | N/A | Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service. |
| CVE-2004-1393 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang). |
| CVE-2002-0036 | 1 Mit | 1 Kerberos 5 | 2025-04-03 | 5.0 MEDIUM | N/A | Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. |
| CVE-2005-3306 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that this XSS is a resultant vulnerability of CVE-2005-3307. |
| CVE-2004-2059 | 1 Xlinesoft | 1 Asprunner | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp. |
| CVE-2001-0549 | 1 Symantec | 1 Liveupdate | 2025-04-03 | 4.6 MEDIUM | N/A | Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords. |
| CVE-1999-1532 | 1 Netscape | 1 Messaging Server | 2025-04-03 | 5.0 MEDIUM | N/A | Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands. |
| CVE-2004-0902 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2025-04-03 | 10.0 HIGH | N/A | Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. |
| CVE-2004-1678 | 1 Logicnow | 1 Perldesk | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs. |
| CVE-2002-1964 | 1 Wesmo | 1 Phpeventcalendar | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote attackers to execute arbitrary commands via unknown attack vectors. |