Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2000-0859 | 1 Gordano | 1 Ntmail | 2025-04-03 | 5.0 MEDIUM | N/A | The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests. |
| CVE-2005-1570 | 1 Battleaxe Software | 1 Bttlxeforum | 2025-04-03 | 5.0 MEDIUM | N/A | forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability. |
| CVE-2001-1130 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.5 HIGH | N/A | Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file. |
| CVE-2005-1765 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when running in 32-bit compatibility mode, allows local users to cause a denial of service (kernel hang) via crafted arguments. |
| CVE-2002-1257 | 1 Microsoft | 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more | 2025-04-03 | 10.0 HIGH | N/A | Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail. |
| CVE-2006-0464 | 1 Ideosoft Design | 1 Ideocontent Manager | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter. |
| CVE-2004-1683 | 1 Qnx | 1 Rtos | 2025-04-03 | 3.7 LOW | N/A | A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before it is executed by crrtrap. |
| CVE-2006-2449 | 1 Kde | 1 Kde | 2025-04-03 | 4.0 MEDIUM | N/A | KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login. |
| CVE-2005-2168 | 1 Frozenplague.net | 1 Plague News System | 2025-04-03 | 5.0 MEDIUM | N/A | delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter. |
| CVE-2005-0731 | 1 Py Software | 1 Active Webcam | 2025-04-03 | 5.0 MEDIUM | N/A | PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to Filelist.html. |
| CVE-2002-1699 | 1 Pascal Michaud | 1 Asp Client Check | 2025-04-03 | 10.0 HIGH | N/A | SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 allows remote attackers to bypass authentication and gain unauthorized access via the password field. |
| CVE-2006-0815 | 1 Networkactiv | 1 Networkactiv Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension. |
| CVE-2003-0137 | 1 Nokia | 1 Sgsn Dx200 | 2025-04-03 | 5.0 MEDIUM | N/A | SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings. |
| CVE-2002-0582 | 1 Workforceroi | 1 Xpede | 2025-04-03 | 5.0 MEDIUM | N/A | WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory. |
| CVE-2000-0353 | 1 University Of Washington | 1 Pine | 2025-04-03 | 10.0 HIGH | N/A | Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine. |
| CVE-2006-2684 | 1 Hotwebscripts | 1 Cms Mundo | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. |
| CVE-1999-0059 | 1 Sgi | 1 Irix | 2025-04-03 | 7.1 HIGH | 7.3 HIGH | IRIX fam service allows an attacker to obtain a list of all files on the server. |
| CVE-2003-0023 | 1 Rxvt | 1 Rxvt | 2025-04-03 | 5.0 MEDIUM | N/A | The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. |
| CVE-2006-1945 | 1 Awstats | 1 Awstats | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732. |
| CVE-2005-4346 | 1 Anthony Boyd | 1 Phpbb Blog | 2025-04-03 | 5.0 MEDIUM | N/A | Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was originally claimed to be SQL injection, but a cleansing step strips all non-digit characters and leaves an empty permalink argument, which leads to the syntax error. |
| CVE-1999-0618 | | | 2025-04-03 | 10.0 HIGH | N/A | The rexec service is running. |
| CVE-2006-0377 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." |
| CVE-2002-0057 | 1 Microsoft | 4 Internet Explorer, Sql Server, Windows Xp and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. |
| CVE-2006-2466 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.6 LOW | N/A | BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability." |
| CVE-2005-4151 | 1 Pgp | 1 Desktop | 2025-04-03 | 2.1 LOW | N/A | The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk. |
| CVE-2000-1152 | 1 Be | 1 Beos | 2025-04-03 | 5.0 MEDIUM | N/A | Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL. |
| CVE-2004-0267 | 1 Broadcom | 1 Inoculateit | 2025-04-03 | 2.1 LOW | N/A | The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp. |
| CVE-2000-0038 | 1 Glftpd | 1 Glftpd | 2025-04-03 | 7.5 HIGH | N/A | glFtpD includes a default glftpd user account with a default password and a UID of 0. |
| CVE-2005-0980 | 1 Alstrasoft | 1 Epay | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code. |
| CVE-2005-0916 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with CONFIG_HUGETLB_PAGE enabled allows local users to cause a denial of service (system panic) via a process that executes the io_queue_init function but exits without running io_queue_release, which causes exit_aio and is_hugepage_only_range to fail. |
| CVE-2000-0641 | 1 Michael Lamont | 1 Savant Webserver | 2025-04-03 | 7.5 HIGH | N/A | Savant web server allows remote attackers to execute arbitrary commands via a long GET request. |
| CVE-2001-0344 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 7.2 HIGH | N/A | An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. |
| CVE-2004-1666 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character. |
| CVE-2000-1232 | 1 Phorum | 1 Phorum | 2025-04-03 | 5.0 MEDIUM | N/A | upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method. |
| CVE-2003-0361 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.5 HIGH | N/A | gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp. |
| CVE-2006-3527 | 1 Bosdev | 1 Bosclassifieds Classified Ads | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in BosClassifieds Classified Ads allow remote attackers to execute arbitrary PHP code via a URL in the insPath parameter to (1) index.php, (2) recent.php, (3) account.php, (4) classified.php, or (5) search.php. |
| CVE-2006-4376 | 1 Guder Und Koch Netzwerktechnik | 1 Eichhorn Portal | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. |
| CVE-2000-0229 | 4 Alessandro Rubini, Debian, Redhat and 1 more | 4 Gpm, Debian Linux, Linux and 1 more | 2025-04-03 | 7.2 HIGH | N/A | gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. |
| CVE-2006-2633 | 1 Andrew Godwin | 1 Bytehoard | 2025-04-03 | 4.0 MEDIUM | N/A | Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter. |
| CVE-2006-2107 | 1 Bl4 | 1 Smtp Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands. |