Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2962 | 1 Ntlmaps | 1 Ntlmaps | 2025-04-03 | 2.1 LOW | N/A |
|
The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password.
|
|||||
| CVE-2005-3525 | 1 Adobe | 1 Shockwave Player | 2025-04-03 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters.
|
|||||
| CVE-2006-0573 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter to (d) stats/detailbw.html.
|
|||||
| CVE-2006-1584 | 1 Juliusz Julas Gonera | 1 Warcraft Iii Replay Parser Php | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Unspecified vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to fopen function calls or file uploads. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter.
|
|||||
| CVE-2004-0991 | 2 Mpg123, Suse | 2 Mpg123, Suse Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.
|
|||||
| CVE-2002-0297 | 1 Nombas | 1 Scriptease Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.
|
|||||
| CVE-2003-1191 | 1 E107 | 1 E107 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.
|
|||||
| CVE-2000-0616 | 1 Hp | 1 Mpe Ix | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS.
|
|||||
| CVE-2000-1192 | 1 Btt Software | 1 Snmp Trap Watcher | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string trap.
|
|||||
| CVE-2005-0975 | 2 Apple, Opendarwin | 3 Mac Os X, Mac Os X Server, Darwin Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.
|
|||||
| CVE-2004-0481 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.
|
|||||
| CVE-2005-4347 | 1 Debian | 2 Debian Linux, Kernel-patch-vserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.
|
|||||
| CVE-2005-0729 | 1 Techland | 1 Xpand Rally | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a message.
|
|||||
| CVE-2005-3592 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot slash) in the archive parameter.
|
|||||
| CVE-2001-1409 | 1 Xfree86 Project | 1 Xfree86 X Server | 2025-04-03 | 3.6 LOW | N/A |
|
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
|
|||||
| CVE-2002-1409 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A |
|
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."
|
|||||
| CVE-2006-0736 | 1 Novell | 2 Linux Desktop, Open Enterprise Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2006-3850 | 1 Lussumo | 1 Vanilla | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected
|
|||||
| CVE-2003-0827 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.
|
|||||
| CVE-2004-1776 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.
|
|||||
| CVE-2002-0537 | 1 Stepweb | 1 Sws | 2025-04-03 | 10.0 HIGH | N/A |
|
The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS.
|
|||||
| CVE-2000-0923 | 1 Aplio | 1 Aplio Phone | 2025-04-03 | 7.5 HIGH | N/A |
|
authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
|
|||||
| CVE-2005-1824 | 1 Gnu | 1 Mailutils | 2025-04-03 | 7.5 HIGH | N/A |
|
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
|
|||||
| CVE-2004-0277 | 1 Bolintech | 1 Dream Ftp Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username.
|
|||||
| CVE-2000-1116 | 1 Transsoft | 1 Broker Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long command.
|
|||||
| CVE-2003-0332 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 7.6 HIGH | N/A |
|
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.
|
|||||
| CVE-2006-2021 | 1 Asteriskathome | 1 Asteriskathome | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files.
|
|||||
| CVE-2004-2268 | 1 Pimentech | 1 Pimengest2 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php.
|
|||||
| CVE-2004-1149 | 1 Broadcom | 1 Etrust Ez Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
|
Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.
|
|||||
| CVE-2004-1512 | 1 Soft3304 | 1 04webserver | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page.
|
|||||
| CVE-2000-0655 | 2 Mozilla, Netscape | 2 Mozilla, Communicator | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
|
|||||
| CVE-2002-0976 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.
|
|||||
| CVE-2006-3378 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
|
|||||
| CVE-2000-0387 | 1 Alexander Siegel | 1 Golddig | 2025-04-03 | 2.1 LOW | N/A |
|
The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.
|
|||||
| CVE-2002-1664 | 1 Yahoo | 1 Messenger | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information.
|
|||||
| CVE-2004-2204 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 7.2 HIGH | N/A |
|
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
|
|||||
| CVE-2005-4706 | 1 Sun | 1 Solaris | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function.
|
|||||
| CVE-1999-0048 | 3 Debian, Ibm, Nec | 5 Netkit, Aix, Asl Ux 4800 and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.
|
|||||
| CVE-2004-1730 | 1 Mantis | 1 Mantis | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
|
|||||
| CVE-2004-0894 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.2 HIGH | N/A |
|
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
|
|||||