Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2221 | 2 Bitrock, Process-one | 2 Install Builder, Ejabberd | 2025-04-03 | 2.1 LOW | N/A |
|
A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer.
|
|||||
| CVE-2000-0768 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
|
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
|
|||||
| CVE-2006-1762 | 1 Blursoft | 1 Blur6ex | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS manipulations, and path disclosure with other invalid values.
|
|||||
| CVE-2004-1288 | 1 Siag | 1 O3read | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the parse_html function in o3read.c for o3read 0.0.3 allows remote attackers to execute arbitrary code via a crafted SXW file.
|
|||||
| CVE-2004-1840 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.
|
|||||
| CVE-2005-0069 | 1 Vim Development Group | 1 Vim | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2005-4207 | 1 Btgrup | 1 Admin Webcontroller Script | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password fields.
|
|||||
| CVE-2004-1312 | 1 Gfi | 2 Mailessentials, Mailsecurity | 2025-04-03 | 10.0 HIGH | N/A |
|
A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.
|
|||||
| CVE-2005-1956 | 1 File Upload Manager | 1 File Upload Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks.
|
|||||
| CVE-2002-1290 | 1 Microsoft | 1 Java Virtual Machine | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class.
|
|||||
| CVE-2004-2665 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors.
|
|||||
| CVE-2002-2190 | 1 Artscore Studios | 1 Cutecast Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext under the web document root, which allows remote attackers to obtain the passwords via an HTTP request to a .user file.
|
|||||
| CVE-1999-0365 | 1 Metainfo | 2 Metaip, Sendmail | 2025-04-03 | 7.5 HIGH | N/A |
|
The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.
|
|||||
| CVE-2005-2241 | 1 Cisco | 1 Call Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe.
|
|||||
| CVE-2005-4615 | 1 Dapperdesk | 1 Dapperdesk | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2000-0443 | 1 Hp | 1 Jetadmin | 2025-04-03 | 7.5 HIGH | N/A |
|
The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2005-1284 | 1 Argosoft | 1 Argosoft Mail Server | 2025-04-03 | 7.5 HIGH | N/A |
|
The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request.
|
|||||
| CVE-2006-1481 | 1 Php Ticket | 1 Php Ticket | 2025-04-03 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.
|
|||||
| CVE-2005-3096 | 1 Avi Alkalay | 1 Nslookup.cgi | 2025-04-03 | 7.5 HIGH | N/A |
|
Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter.
|
|||||
| CVE-2006-1377 | 2 Comoblog Project, Easymoblog | 2 Comoblog, Easymoblog | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter.
|
|||||
| CVE-2005-0910 | 1 E-xoops | 1 E-xoops | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php.
|
|||||
| CVE-2006-0420 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors."
|
|||||
| CVE-2005-3101 | 1 Six Apart | 1 Movable Type | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.
|
|||||
| CVE-2002-0001 | 1 Mutt | 1 Mutt | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
|
|||||
| CVE-2001-1370 | 1 Phplib Team | 1 Phplib | 2025-04-03 | 10.0 HIGH | N/A |
|
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
|
|||||
| CVE-2006-3608 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.
|
|||||
| CVE-1999-1170 | 2 Ipswitch, Progress | 2 Imail, Ws Ftp Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
|
|||||
| CVE-2002-1456 | 1 Khaled Mardam-bey | 1 Mirc | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value.
|
|||||
| CVE-2006-1878 | 1 Phpfaber | 1 Topsites | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
|||||
| CVE-2004-0686 | 2 Samba, Trustix | 2 Samba, Secure Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
|
|||||
| CVE-2006-3148 | 1 Open-realty | 1 Open-realty | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php.
|
|||||
| CVE-2004-1327 | 1 Crystal Art Software | 1 Crystal Ftp | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Crystal FTP Client 2.8 allows remote malicious servers to execute arbitrary code via a response to a LIST command that contains a file name with a long extension.
|
|||||
| CVE-1999-0088 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
IRIX and AIX automountd services (autofsd) allow remote users to execute root commands.
|
|||||
| CVE-2005-4017 | 1 Widget Press | 1 Widget Property | 2025-04-03 | 5.0 MEDIUM | N/A |
|
property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message.
|
|||||
| CVE-2006-1231 | 1 Julian Pawlowski | 1 Capi4hylafax | 2025-04-03 | 1.2 LOW | N/A |
|
CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file.
|
|||||
| CVE-2002-0135 | 1 Netopia | 1 Timbuktu Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a series of connections to one of the ports (1417 - 1420).
|
|||||
| CVE-2005-1563 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products.
|
|||||
| CVE-1999-0111 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
RIP v1 is susceptible to spoofing.
|
|||||
| CVE-2006-0790 | 1 Rockliffe | 1 Mailsite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite.
|
|||||
| CVE-1999-1537 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.
|
|||||