Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0592 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 7.5 HIGH | N/A |
|
AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user.
|
|||||
| CVE-2005-2038 | 1 Fortibus | 1 Fortibus Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page.
|
|||||
| CVE-2000-0230 | 2 Halloween, Redhat | 2 Halloween Linux, Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.
|
|||||
| CVE-2006-0615 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues."
|
|||||
| CVE-2004-2282 | 1 Daniel Barron | 1 Dansguardian | 2025-04-03 | 5.0 MEDIUM | N/A |
|
DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request.
|
|||||
| CVE-1999-1039 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 2291 and 2848 allow a local user to create root-owned files leading to a root compromise.
|
|||||
| CVE-2005-0484 | 1 Gproftpd | 1 Gproftpd | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
|
|||||
| CVE-2005-4754 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation."
|
|||||
| CVE-2004-1257 | 1 Abc2mtex | 1 Abc2mtex | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6.1 allows remote attackers to execute arbitrary code via crafted ABC files.
|
|||||
| CVE-2002-2392 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
|
|||||
| CVE-2003-1065 | 1 Sun | 1 Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash).
|
|||||
| CVE-2002-1498 | 1 Trevor Lee | 1 Swserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. sequences with "/" or "\" characters.
|
|||||
| CVE-2005-1493 | 1 Dead Pirate Software | 1 Simplecam | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in SimpleCam 1.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URL.
|
|||||
| CVE-2001-1324 | 1 Paul Jarc | 1 Idtools | 2025-04-03 | 4.6 MEDIUM | N/A |
|
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.
|
|||||
| CVE-2001-1234 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 7.5 HIGH | N/A |
|
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
|
|||||
| CVE-2000-0080 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A |
|
AIX techlibss allows local users to overwrite files via a symlink attack.
|
|||||
| CVE-1999-1138 | 1 Sco | 4 Open Desktop, Open Desktop Lite, Openserver and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.
|
|||||
| CVE-2005-2376 | 1 Codemasters | 1 Toca Race Driver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via a long (1) nickname or (2) chat message.
|
|||||
| CVE-2001-0753 | 1 Cisco | 1 Cbos | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges.
|
|||||
| CVE-2006-2426 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.
|
|||||
| CVE-2002-1191 | 1 Sabre | 1 Desktop Reservation Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Sabserv client component in Sabre Desktop Reservation Software 4.2 through 4.4 allows remote attackers to cause a denial of service via malformed input to TCP port 1001.
|
|||||
| CVE-2001-0302 | 1 Pi3 | 1 Pi3web | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
|
|||||
| CVE-2003-0910 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
|
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.
|
|||||
| CVE-2002-0518 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart.
|
|||||
| CVE-2005-1377 | 1 Claroline | 1 Claroline | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors.
|
|||||
| CVE-2003-0408 | 1 The Uptimes Project | 1 Upclient | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument.
|
|||||
| CVE-1999-0740 | 1 Redhat | 1 Linux | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.
|
|||||
| CVE-1999-0273 | 1 Sun | 1 Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service through Solaris 2.5.1 telnet by sending ^D characters.
|
|||||
| CVE-1999-1222 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.
|
|||||
| CVE-2005-3207 | 1 Oracle | 1 Forms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command.
|
|||||
| CVE-2004-1743 | 1 Efs Software | 1 Efs Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder.
|
|||||
| CVE-2005-0462 | 1 Mercuryboard | 1 Mercuryboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1.x allows remote attackers to inject arbitrary HTML and web script via the f parameter.
|
|||||
| CVE-2005-4041 | 1 Mr. Cgi Guy | 2 Hot Links Pro, Hot Links Sql | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string.
|
|||||
| CVE-2006-4600 | 1 Openldap | 1 Openldap | 2025-04-03 | 2.3 LOW | N/A |
|
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
|
|||||
| CVE-2005-1700 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter.
|
|||||
| CVE-2001-1529 | 1 Ibm | 1 Aix | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779.
|
|||||
| CVE-2000-0782 | 1 Netwin | 1 Netauth | 2025-04-03 | 5.0 MEDIUM | N/A |
|
netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2004-0465 | 1 Openconnect | 1 Webconnect | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.
|
|||||
| CVE-2005-2197 | 1 Id Board | 1 Id Board | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php.
|
|||||
| CVE-2006-2958 | 1 Filzip | 1 Filzip | 2025-04-03 | 2.6 LOW | N/A |
|
Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||