Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2799 | 1 Linksys | 1 Wrt54g | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
| CVE-1999-0413 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
A buffer overflow in the SGI X server allows local users to gain root access through the X server font path.
| CVE-2004-1068 | 3 Linux, Redhat, Ubuntu | 5 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2025-04-03 | 6.2 MEDIUM | N/A |
A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.
| CVE-2001-0098 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string.
| CVE-1999-0419 | | | 2025-04-03 | 5.0 MEDIUM | N/A |
When the Microsoft SMTP service attempts to send a message to a server and receives a 4xx error code, it quickly and repeatedly attempts to redeliver the message, causing a denial of service.
| CVE-2006-1578 | 1 Index Data Aps | 1 Keystone Digital Library Suite | 2025-04-03 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Keystone Digital Library Suite (DLS) 1.5.4 and earlier allow remote attackers to execute arbitrary SQL commands via the subject_type_id parameter in (1) the index page and (2) the search module.
| CVE-2001-1290 | 1 Active Web Suite Technologies | 1 Active Classifieds | 2025-04-03 | 5.0 MEDIUM | N/A |
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter.
| CVE-2003-0586 | 1 Brooky | 1 Estore | 2025-04-03 | 7.5 HIGH | N/A |
Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php.
| CVE-2005-2876 | 1 Andries Brouwer | 1 Util-linux | 2025-04-03 | 7.2 HIGH | N/A |
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.
| CVE-2002-0920 | 1 Cgiscript.net | 1 Cspassword | 2025-04-03 | 5.1 MEDIUM | N/A |
CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed.
| CVE-2001-0424 | 2 Freebsd, Timecop | 2 Freebsd, Bubblemon | 2025-04-03 | 7.2 HIGH | N/A |
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.
| CVE-2004-2052 | 1 Esesix | 1 Thintune | 2025-04-03 | 7.5 HIGH | N/A |
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing.
| CVE-2006-1126 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 6.4 MEDIUM | N/A |
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
| CVE-2005-2146 | 1 Ssh | 1 Tectia Server | 2025-04-03 | 4.6 MEDIUM | N/A |
SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.
| CVE-2004-2119 | 1 Tinyserver | 1 Tinyserver | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL.
| CVE-2002-0910 | 1 Debian | 1 Netstd | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflows in netstd 3.07-17 package allows remote DNS servers to execute arbitrary code via a long FQDN reply, as observed in the utilities (1) linux-ftpd, (2) pcnfsd, (3) tftp, (4) traceroute, or (5) from/to.
| CVE-2001-0610 | 2 Kde, Suse | 2 Kde, Suse Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
| CVE-2001-0301 | 1 Stephen Turner | 1 Analog | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.
| CVE-2006-2956 | 1 Skoom | 1 I.list | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchword parameter to search.php or (2) siteurl parameter to add.php.
| CVE-2005-3672 | 1 Stonesoft | 1 Stonegate Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
The Internet Key Exchange version 1 (IKEv1) implementation in Stonesoft StoneGate Firewall before 2.6.1 allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Stonesoft advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
| CVE-2001-0611 | 1 Rimarts Inc. | 1 Becky Internet Mail | 2025-04-03 | 7.5 HIGH | N/A |
Becky! 2.00.05 and earlier can allow a remote attacker to gain additional privileges via a buffer overflow attack on long messages without newline characters.
| CVE-2000-0490 | 1 Netwin | 1 Dmail | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request.
| CVE-2000-0812 | 1 Sun | 1 Java System Web Server | 2025-04-03 | 10.0 HIGH | N/A |
The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.
| CVE-1999-0069 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | 8.4 HIGH |
Solaris ufsrestore buffer overflow.
| CVE-2004-1802 | 1 Lionmax Software | 1 Chat Anywhere | 2025-04-03 | 5.0 MEDIUM | N/A |
Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page.
| CVE-2001-0741 | 1 Cisco | 1 Hsrp | 2025-04-03 | 2.1 LOW | N/A |
Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets.
| CVE-2000-0911 | 1 Horde | 1 Imp | 2025-04-03 | 5.0 MEDIUM | N/A |
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.
| CVE-2005-0111 | 1 Mysql | 1 Maxdb | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter.
| CVE-2002-1098 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 7.5 HIGH | N/A |
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
| CVE-2006-2443 | 1 Knowledgetree | 1 Knowledgetree | 2025-04-03 | 4.6 MEDIUM | N/A |
The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database.
| CVE-2005-2650 | 1 Emefa | 1 Emefa Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters.
| CVE-2005-0005 | 6 Debian, Gentoo, Graphicsmagick and 3 more | 6 Debian Linux, Linux, Graphicsmagick and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
| CVE-2004-2071 | 1 Macallan | 1 Mail Solution | 2025-04-03 | 7.5 HIGH | N/A |
Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name.
| CVE-2005-4020 | 1 Widget Press | 1 Widget Imprint | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the product_id parameter.
| CVE-2000-1075 | 2 Netscape, Sun | 2 Directory Server, Iplanet Certificate Management System | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.
| CVE-2003-0173 | 2 Sgi, Xfsdump | 2 Irix, Xfsdump | 2025-04-03 | 7.2 HIGH | N/A |
xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges.
| CVE-2004-1711 | 1 Moodle | 1 Moodle | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.
| CVE-2001-1570 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.
| CVE-2003-0695 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.5 HIGH | N/A |
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
| CVE-2005-2358 | 1 Emc | 1 Navisphere Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP request for a directory that ends in a "." (trailing dot).