Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-0010 | 8 Data General, Ibm, Isc and 5 more | 11 Dg Ux, Aix, Bind and 8 more | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. |
| CVE-2005-4076 | 1 Appfluent Technology | 1 Database Ids | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment variable. |
| CVE-1999-0389 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the bootp server in the Debian Linux netstd package. |
| CVE-2006-3135 | 1 Hotwebscripts | 1 Cms Mundo | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update. |
| CVE-2003-0405 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2025-04-03 | 5.0 MEDIUM | N/A | Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command. |
| CVE-2005-3341 | 1 Dhis Tools | 1 Dns Package | 2025-04-03 | 2.1 LOW | N/A | DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh. |
| CVE-1999-1426 | 1 Sun | 1 Solstice Adminsuite | 2025-04-03 | 6.2 MEDIUM | N/A | Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files. |
| CVE-2005-3374 | 1 Frisk Software | 1 F-prot Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple interpretation error in F-Prot 3.16c allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." |
| CVE-2002-0065 | 2 Bindview, Funk Software | 2 Netrc, Funk Software Proxy | 2025-04-03 | 7.2 HIGH | N/A | Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry. |
| CVE-2001-1171 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 7.2 HIGH | N/A | Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy. |
| CVE-2006-3143 | 1 Maximus | 1 Schoolmax | 2025-04-03 | 4.0 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the error_msg parameter. |
| CVE-2004-1110 | 2 Gentoo, Jean-jacques Sarton | 2 Linux, Mtink | 2025-04-03 | 2.1 LOW | N/A | The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file. |
| CVE-2005-0707 | 1 Ipswitch | 1 Ipswitch Collaboration Suite | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command. |
| CVE-2001-1474 | 1 Ssh | 1 Ssh | 2025-04-03 | 5.0 MEDIUM | N/A | SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache. |
| CVE-2005-1361 | 1 Metalinks | 1 Metacart E-shop | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp. |
| CVE-2000-0005 | 1 Hp | 3 9000, Aserver, Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | HP-UX aserver program allows local users to gain privileges via a symlink attack. |
| CVE-2006-3611 | 1 Phorum | 1 Phorum | 2025-04-03 | 5.5 MEDIUM | N/A | Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php. |
| CVE-2006-3288 | 1 Cisco | 1 Wireless Control System | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors. |
| CVE-2006-0852 | 1 Devscripts | 1 Admbook | 2025-04-03 | 7.5 HIGH | N/A | Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php. |
| CVE-2002-1057 | 1 Smartmax Software | 1 Mailmax | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command. |
| CVE-2005-0464 | 1 Sgi | 1 Irix | 2025-04-03 | 2.1 LOW | N/A | gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a formatting error. |
| CVE-2005-0070 | 1 Synaesthesia | 1 Synaesthesia | 2025-04-03 | 7.2 HIGH | N/A | Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files. |
| CVE-2006-2687 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2025-04-03 | 4.9 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter). |
| CVE-2000-1150 | 1 Xavier Ducrohet | 1 Felix | 2025-04-03 | 5.0 MEDIUM | N/A | Felix IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL. |
| CVE-2005-4213 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie. |
| CVE-2004-1537 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter. |
| CVE-2002-1013 | 1 Inktomi | 3 Media-ixt, Traffic Edge, Traffic Server | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument. |
| CVE-2005-0454 | 1 Codeworx Technologies | 1 Dcp-portal | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php. |
| CVE-1999-1192 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. |
| CVE-2005-1829 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a denial of service (infinite loop and application crash) via two embedded files that call each other. |
| CVE-2005-0137 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry." |
| CVE-2006-1576 | 1 Vscripts.pl | 1 Qlnews | 2025-04-03 | 7.5 HIGH | N/A | Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php. |
| CVE-2001-0163 | 1 Cisco | 1 Aironet Ap340 | 2025-04-03 | 4.6 MEDIUM | N/A | Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. |
| CVE-2000-0958 | 1 Sun | 1 Hotjava Browser | 2025-04-03 | 5.0 MEDIUM | N/A | HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window. |
| CVE-2005-3967 | 1 Atlassian | 1 Confluence | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter. |
| CVE-2003-0939 | 1 Sap | 1 Sap Db | 2025-04-03 | 7.5 HIGH | N/A | eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow. |
| CVE-1999-1139 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file. |
| CVE-2006-4856 | 1 Roller Weblogger | 1 Roller Weblogger | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do. |
| CVE-2002-0041 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, when running with the -R option, allows local and remote attackers to cause a core dump. |
| CVE-2005-3516 | 1 Chipmunk Scripts | 1 Chipmunk Directory | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter. |