Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2499 | 1 Hitachi | 2 Web Page Generator, Web Page Generator Enterprise | 2025-04-03 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier allows remote attackers to cause a denial of service via unknown attack vectors when a web site is "improperly accessed."
|
|||||
| CVE-2005-3916 | 1 Wsn Forum | 1 Wsn Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action.
|
|||||
| CVE-2002-0501 | 1 Posadis | 1 Posadis | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages.
|
|||||
| CVE-2002-0825 | 1 Padl Software | 1 Nss Ldap | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
|
|||||
| CVE-2006-3204 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie.
|
|||||
| CVE-2004-2582 | 1 Novell | 1 Ichain | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2001-0784 | 1 Icecast | 1 Icecast | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.
|
|||||
| CVE-2005-1610 | 1 Tru-zone | 1 Nukeet | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone NukeET 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via a base64 encoded Codigo parameter.
|
|||||
| CVE-2004-0745 | 1 Tsugio Okamoto | 1 Lha | 2025-04-03 | 10.0 HIGH | N/A |
|
LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name.
|
|||||
| CVE-2004-2010 | 1 Phpshop | 1 Phpshop | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg.
|
|||||
| CVE-2006-2082 | 1 Id Software | 1 Quake 3 Engine | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request.
|
|||||
| CVE-1999-0498 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.
|
|||||
| CVE-2001-1202 | 1 Delegate | 1 Delegate | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.
|
|||||
| CVE-2005-0480 | 1 Trackercam | 1 Trackercam | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file.
|
|||||
| CVE-2002-1956 | 1 Rox | 1 Filer | 2025-04-03 | 2.1 LOW | N/A |
|
ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, which allows local users to write to arbitrary files.
|
|||||
| CVE-2003-0975 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
|
|||||
| CVE-2005-1718 | 1 Ls Games | 1 War Times | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in LS Games War Times 1.03 and earlier allows remote attackers to cause a denial of service (server crash) via a long nickname.
|
|||||
| CVE-2006-2249 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters.
|
|||||
| CVE-2006-3330 | 1 Deltascripts | 1 Php Classifieds | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php.
|
|||||
| CVE-2006-1016 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.
|
|||||
| CVE-2005-1703 | 1 Black Cactus | 1 Warrior Kings Battles | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Warrior Kings: Battles 1.23 and earlier allows remote attackers to cause a denial of service (server crash) via a partial join packet that triggers a NULL pointer dereference.
|
|||||
| CVE-2001-0364 | 1 Ssh | 1 Ssh2 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections.
|
|||||
| CVE-2006-3557 | 1 Mt Orumcek | 1 Mt Orumcek Toplist | 2025-04-03 | 5.0 MEDIUM | N/A |
|
MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
|
|||||
| CVE-2006-2231 | 1 Big Webmaster | 1 Big Webmaster Guestbook Script | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in Big Webmaster Guestbook Script 1.02 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) site, (3) city, (4) state, (5) country, and possibly (6) name fields, which are viewed via viewguest.cgi.
|
|||||
| CVE-2006-1926 | 1 Thwboard | 1 Thwboard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the pagenum parameter.
|
|||||
| CVE-2006-4540 | 1 Learn.com | 1 Learncenter | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||
| CVE-1999-0322 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
|
The open() function in FreeBSD allows local attackers to write to arbitrary files.
|
|||||
| CVE-2005-2122 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
|
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
|
|||||
| CVE-2005-0182 | 1 Mod Dosevasive | 1 Mod Dosevasive | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2005-2482 | 1 Metasploit | 1 Metasploit Framework | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.
|
|||||
| CVE-1999-0741 | 1 Qms | 1 Crownnet Unix Utilities | 2025-04-03 | 10.0 HIGH | N/A |
|
QMS CrownNet Unix Utilities for 2060 allows root to log on without a password.
|
|||||
| CVE-2005-2874 | 1 Easy Software Products | 1 Cups | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.
|
|||||
| CVE-2001-0473 | 5 Conectiva, Immunix, Mandrakesoft and 2 more | 5 Linux, Immunix, Mandrake Linux and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
|
|||||
| CVE-2001-0912 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.
|
|||||
| CVE-2005-1428 | 1 Uapplication | 1 Uphotogallery | 2025-04-03 | 7.5 HIGH | N/A |
|
edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files.
|
|||||
| CVE-2005-2382 | 1 Oray | 1 Peanuthull | 2025-04-03 | 7.2 HIGH | N/A |
|
Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the system tray, which allows local users to gain privileges by accessing the Help functionality.
|
|||||
| CVE-2001-1417 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data.
|
|||||
| CVE-2005-3943 | 1 Faq System | 1 Faq System | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter in (b) index.php.
|
|||||
| CVE-2002-1267 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."
|
|||||
| CVE-2003-0193 | 1 Catdoc | 1 Catdoc | 2025-04-03 | 2.1 LOW | N/A |
|
msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").
|
|||||