Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3755 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.
|
|||||
| CVE-1999-1332 | 1 Redhat | 1 Linux | 2025-04-03 | 2.1 LOW | N/A |
|
gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.
|
|||||
| CVE-1999-1224 | 1 University Of Washington | 1 Imapd | 2025-04-03 | 3.6 LOW | N/A |
|
IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
|
|||||
| CVE-2003-0641 | 1 Watchguard | 1 Serverlock | 2025-04-03 | 4.6 MEDIUM | N/A |
|
WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess.
|
|||||
| CVE-2002-0883 | 1 Compaq | 1 Proliant Bl E-class Integrated Administrator Firmware | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator 1.0 and 1.10, allows authenticated users with Telnet, SSH, or console access to conduct unauthorized activities.
|
|||||
| CVE-2000-0855 | 1 Xs4all Data | 1 Xs4all Data Sunftp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SunFTP build 9(1) allows remote attackers to cause a denial of service by connecting to the server and disconnecting before sending a newline.
|
|||||
| CVE-2005-0520 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | 10.0 HIGH | N/A |
|
ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than CVE-2005-0519.
|
|||||
| CVE-2004-0952 | 1 Hp | 1 Hp-ux | 2025-04-03 | 6.4 MEDIUM | N/A |
|
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.
|
|||||
| CVE-2005-4514 | 1 Webwasher | 1 Csm Appliance Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case. NOTE: the vendor has stated that this problem could not be reproduced, and has asked the researcher for more information, without a response as of 20060103
|
|||||
| CVE-2002-0931 | 1 Luis Bernardo | 1 Myhelpdesk | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possibly other versions, allows remote attackers to execute script as other users via a (1) Title or (2) Description when a new ticket is created by a support assistant, via the "id" parameter to the index.php script with the (3) tickettime, (4) ticketfiles, or (5) updateticketlog operations, or (6) via the update section when a ticket is edited.
|
|||||
| CVE-2000-0737 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.
|
|||||
| CVE-2004-0612 | 1 Zonelabs | 1 Zonealarm | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL specification.
|
|||||
| CVE-2000-0797 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.
|
|||||
| CVE-2006-3657 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.
|
|||||
| CVE-2001-0137 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability.
|
|||||
| CVE-2003-0610 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request.
|
|||||
| CVE-2004-0606 | 1 Infoblox | 1 Dns One Appliance | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTNAME option of a DHCP request.
|
|||||
| CVE-2005-0179 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call.
|
|||||
| CVE-2001-0170 | 4 Conectiva, Debian, Immunix and 1 more | 4 Linux, Debian Linux, Immunix and 1 more | 2025-04-03 | 2.1 LOW | N/A |
|
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
|
|||||
| CVE-2004-0641 | 1 Thomson | 1 Speedtouch | 2025-04-03 | 7.5 HIGH | N/A |
|
Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
|
|||||
| CVE-2006-1614 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
|
|||||
| CVE-2001-1264 | 1 Hp | 2 Hp-ux, Vvos | 2025-04-03 | 10.0 HIGH | N/A |
|
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
|
|||||
| CVE-2001-1274 | 1 Oracle | 1 Mysql | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
|
|||||
| CVE-2005-3917 | 1 Commodityrentals | 1 Commodityrentals | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in usersession in CommodityRentals 2.0 Online Rental Business Creator script allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
|
|||||
| CVE-2002-1419 | 1 Sgi | 1 Irix | 2025-04-03 | 7.5 HIGH | N/A |
|
The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address.
|
|||||
| CVE-2005-3904 | 1 Sun | 2 Jdk, Jre | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.
|
|||||
| CVE-2004-0744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.
|
|||||
| CVE-2004-0950 | 1 Danware Data | 1 Netop | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NetOp Host before 7.65 build 2004278 allows remote attackers to obtain sensitive hostname, username and local IP address information via (1) a NetOp HELO request, or (2) when responses are disabled, a "custom" HELO request.
|
|||||
| CVE-2002-1552 | 1 Novell | 1 Edirectory | 2025-04-03 | 7.5 HIGH | N/A |
|
Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager.
|
|||||
| CVE-2003-0830 | 1 Marbles | 1 Marbles | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable.
|
|||||
| CVE-2001-0439 | 5 Conectiva, Freebsd, Licq and 2 more | 6 Linux, Freebsd, Licq and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
|
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
|
|||||
| CVE-2004-1695 | 1 Emulive | 1 Server4 | 2025-04-03 | 10.0 HIGH | N/A |
|
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash).
|
|||||
| CVE-2005-4391 | 1 Mindroute Software | 1 Damoon | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in damoon allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter.
|
|||||
| CVE-2000-0345 | 1 Cisco | 7 Ios, Router 2500, Router 2600 and 4 more | 2025-04-03 | 2.1 LOW | N/A |
|
The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.
|
|||||
| CVE-2006-1617 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616.
|
|||||
| CVE-1999-0097 | 3 Hp, Ibm, Sun | 4 Hp-ux, Aix, Solaris and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
|
|||||
| CVE-2006-3963 | 1 Banex | 1 Banex | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php.
|
|||||
| CVE-2003-1278 | 1 Infopop | 1 Opentopic | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags.
|
|||||
| CVE-2001-0590 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
|
|||||
| CVE-2001-1325 | 1 Microsoft | 2 Internet Explorer, Outlook Express | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
|
|||||