Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0012 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 2.1 LOW | N/A |
|
The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.
|
|||||
| CVE-2002-0276 | 1 Ettercap | 1 Ettercap | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets.
|
|||||
| CVE-2005-2005 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat.
|
|||||
| CVE-2000-0439 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
|
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
|
|||||
| CVE-2000-0956 | 1 Carnegie Mellon University | 1 Cyrus-sasl | 2025-04-03 | 4.6 MEDIUM | N/A |
|
cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.
|
|||||
| CVE-2001-0929 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.
|
|||||
| CVE-2005-4397 | 1 Icms Content Management Systems | 1 Icms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter.
|
|||||
| CVE-2005-4536 | 1 Debian | 1 Libmail-audit-perl | 2025-04-03 | 2.1 LOW | N/A |
|
Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.
|
|||||
| CVE-2004-0705 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter.
|
|||||
| CVE-2006-1138 | 1 Xerox | 12 Copycentre C65, Copycentre C65 Firmware, Copycentre C75 and 9 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors.
|
|||||
| CVE-2005-2477 | 1 Naxtor | 1 Shopping Cart | 2025-04-03 | 5.0 MEDIUM | N/A |
|
shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a "'" (single quote), which reveals the path in an error message, possibly due to an SQL injection vulnerability.
|
|||||
| CVE-2005-1179 | 1 Xerox | 19 Workcentre, Workcentre 165, Workcentre 175 and 16 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, related to SNMP authentication, allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-0703.
|
|||||
| CVE-2005-2779 | 1 Itan Online-banking Security System | 1 Itan Online-banking Security System | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle (MITM) attack while the transaction is taking place, which facilitates a "phishing" attack.
|
|||||
| CVE-2005-1281 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
|
|||||
| CVE-2005-2396 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template.
|
|||||
| CVE-2002-0594 | 3 Galeon, Mozilla, Netscape | 3 Galeon Browser, Mozilla, Navigator | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
|
|||||
| CVE-2004-2405 | 1 F-secure | 4 F-secure Anti-virus, F-secure For Firewalls, F-secure Internet Security and 1 more | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive.
|
|||||
| CVE-2004-1206 | 1 Pntresmailer | 1 Pntresmailer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter.
|
|||||
| CVE-2004-0986 | 4 Debian, Linux, Redhat and 1 more | 4 Debian Linux, Linux Kernel, Fedora Core and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.
|
|||||
| CVE-2004-2024 | 1 Zen Cart | 1 Zen Cart | 2025-04-03 | 7.5 HIGH | N/A |
|
The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.
|
|||||
| CVE-2006-1135 | 1 Sblog | 1 Sblog | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php.
|
|||||
| CVE-2003-0128 | 1 Ximian | 1 Evolution | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.
|
|||||
| CVE-2002-0803 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi.
|
|||||
| CVE-2004-1297 | 1 Zack Smith | 1 Unrtf | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file.
|
|||||
| CVE-2001-0432 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.
|
|||||
| CVE-2006-0404 | 1 Mike Macgirvin | 1 Note-a-day Weblog | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Note-A-Day Weblog 2.2 stores sensitive data under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to archive/.phpass-admin, which contains encrypted passwords.
|
|||||
| CVE-2006-4549 | 1 Chxo | 1 Feedsplitter | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified.
|
|||||
| CVE-2002-2077 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
|
|||||
| CVE-2006-1851 | 1 Skymarx Solutions | 1 Xflow | 2025-04-03 | 5.0 MEDIUM | N/A |
|
xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the (1) action parameter to members_only/index.cgi and (2) page parameter customer_area/index.cgi, probably due to invalid values.
|
|||||
| CVE-2006-3097 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
|
|||||
| CVE-2006-2335 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection.
|
|||||
| CVE-2002-0444 | 1 Microsoft | 1 Windows 2000 Terminal Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
|
|||||
| CVE-2002-0863 | 1 Microsoft | 5 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
|
|||||
| CVE-2000-0780 | 1 Ipswitch | 1 Imail | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2005-3510 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
|
|||||
| CVE-2006-2472 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys.
|
|||||
| CVE-2005-3868 | 1 Turn-k | 1 K-search | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request.
|
|||||
| CVE-2001-0311 | 1 Hp | 2 Hp-ux, Omniback Ii | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
|
|||||
| CVE-2004-1601 | 1 Coolphp | 1 Coolphp Web Portal | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter.
|
|||||
| CVE-2004-1549 | 1 Onnuri Infotek | 1 Activepost Standard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote attackers to gain sensitive information by sniffing the network connection.
|
|||||