Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2000-0236 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A | Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. |
| CVE-2006-0680 | 1 Plain Black | 1 Webgui | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote attackers to create an account, when anonymous registration is disabled, via a certain URL. |
| CVE-2001-1154 | 2 Bsdi, Carnegie Mellon University | 2 Bsd Os, Cyrus Imap Server | 2025-04-03 | 5.0 MEDIUM | N/A | Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients. |
| CVE-2000-0811 | 1 Cgi Script Center | 1 Auction Weaver | 2025-04-03 | 5.0 MEDIUM | N/A | Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields. |
| CVE-2006-4193 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files. |
| CVE-2004-2082 | 1 Karjasoft | 1 Sami Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A | The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request with a large number of leading "/" (slash) characters. |
| CVE-1999-1459 | 1 Bmc | 1 Patrol Agent | 2025-04-03 | 7.2 HIGH | N/A | BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file. |
| CVE-2006-4017 | 1 Inter Network Marketing Ag | 1 G3 Content Management System | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter. |
| CVE-2006-0942 | 1 Pwsphp | 1 Pwsphp | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509. |
| CVE-2000-0031 | 1 Redhat | 1 Linux | 2025-04-03 | 6.2 MEDIUM | N/A | The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack. |
| CVE-2005-3337 | 1 Mantis | 1 Mantis | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php. |
| CVE-2003-0355 | 2 Apple, Kde | 2 Safari, Konqueror Embedded | 2025-04-03 | 5.0 MEDIUM | N/A | Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates. |
| CVE-2006-0617 | 1 Sun | 2 Jdk, Jre | 2025-04-03 | 4.0 MEDIUM | N/A | Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues." |
| CVE-2005-4262 | 1 Envolution | 1 Envolution | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter. NOTE: this issue might be resultant from the SQL injection problem (CVE-2005-4263). |
| CVE-2004-0095 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-03 | 5.0 MEDIUM | N/A | McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. |
| CVE-2004-0723 | 1 Microsoft | 1 Java Virtual Machine | 2025-04-03 | 6.4 MEDIUM | N/A | Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java." |
| CVE-2006-2152 | 1 Phpbb Group | 1 Phpbb Advanced Guestbook | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. |
| CVE-2001-1258 | 1 Horde | 1 Imp | 2025-04-03 | 3.6 LOW | N/A | Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. |
| CVE-2001-0708 | 1 Denicomp | 1 Rexecd | 2025-04-03 | 5.0 MEDIUM | N/A | Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a denial of service (crash) via a long string. |
| CVE-1999-0674 | 3 Netbsd, Openbsd, Sun | 4 Netbsd, Openbsd, Solaris and 1 more | 2025-04-03 | 7.2 HIGH | N/A | The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. |
| CVE-2004-1156 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 4.3 MEDIUM | N/A | Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. |
| CVE-2001-0581 | 1 Spytech | 1 Spynet Chat | 2025-04-03 | 5.0 MEDIUM | N/A | Spytech Spynet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number of connections to port 6387. |
| CVE-2000-0195 | 1 Corel | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A | setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file. |
| CVE-2004-0110 | 2 Sgi, Xmlsoft | 3 Propack, Libxml, Libxml2 | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. |
| CVE-2005-1455 | 1 Freeradius | 1 Freeradius | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash). |
| CVE-1999-1223 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A | IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. |
| CVE-2004-0533 | 1 Businessobjects | 2 Infoview, Webintelligence | 2025-04-03 | 2.1 LOW | N/A | Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client. |
| CVE-2006-0597 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-03 | 7.5 HIGH | N/A | Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes". |
| CVE-1999-0699 | 1 Bluestone | 1 Sapphire Web | 2025-04-03 | 7.5 HIGH | N/A | The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs. |
| CVE-2005-1453 | 1 Leafnode | 1 Leafnode | 2025-04-03 | 5.0 MEDIUM | N/A | fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers. |
| CVE-2003-0565 | | | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple vulnerabilities in multiple vendor implementations of the X.400 protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an X.400 message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite. |
| CVE-2006-0106 | 1 Wine | 1 Wine | 2025-04-03 | 7.5 HIGH | N/A | gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase. |
| CVE-2004-1197 | 1 Insite | 2 Inmail, Inshop | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop allows remote attackers to inject arbitrary web script or HTML via the screen parameter. |
| CVE-1999-0122 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in AIX lchangelv gives root access. |
| CVE-2002-0831 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A | The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end. |
| CVE-2006-4684 | 1 Zope | 1 Zope | 2025-04-03 | 5.0 MEDIUM | N/A | The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. |
| CVE-2003-0771 | 1 Apache Gallery | 1 Apache Gallery | 2025-04-03 | 4.6 MEDIUM | N/A | Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does. |
| CVE-2001-1052 | 1 Emergenices Personnel Information System | 1 Empris | 2025-04-03 | 7.5 HIGH | N/A | Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
| CVE-2003-0010 | 1 Microsoft | 7 Windows 2000, Windows 2000 Terminal Services, Windows 98 and 4 more | 2025-04-03 | 7.5 HIGH | N/A | Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating systems allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack. |
| CVE-2005-3676 | 1 Phpwebthings | 1 Phpwebthings | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter. |