Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-1878 | 1 Giptables | 1 Giptables Firewall | 2025-04-03 | 1.2 LOW | N/A | GIPTables Firewall 1.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the temp.ip.addresses temporary file. |
| CVE-2001-0035 | 1 Kth | 1 Kth Kerberos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request. |
| CVE-2004-0725 | 1 Moodle | 1 Moodle | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter. |
| CVE-2006-3817 | 1 Novell | 1 Groupwise Webaccess | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence. |
| CVE-2005-0204 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction. |
| CVE-2005-1545 | 1 Ht Editor | 1 Ht Editor | 2025-04-03 | 5.1 MEDIUM | N/A | Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow. |
| CVE-2006-2019 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A | Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute. |
| CVE-2004-1431 | 1 Joe Lumbroso | 1 Jacks Formmail.php | 2025-04-03 | 5.0 MEDIUM | N/A | FormMail.php 5.0, and possibly other versions, allows remote attackers to read arbitrary files via a full pathname in the ar_file (auto-reply) parameter. |
| CVE-2001-1406 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 2.1 LOW | N/A | process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent. |
| CVE-2004-2361 | 1 Digital Reality | 2 Desert Rats Vs. Afrika Korps, Haegemonia | 2025-04-03 | 5.0 MEDIUM | N/A | Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0, allows remote attackers to cause a denial of service (crash) via a chat message with a large message size, which triggers an out-of-bounds read. |
| CVE-1999-0281 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service in IIS using long URLs. |
| CVE-2002-1157 | 1 Mod Ssl | 1 Mod Ssl | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840. |
| CVE-2005-4178 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2025-04-03 | 6.5 MEDIUM | N/A | Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations. |
| CVE-2006-0075 | 1 Gnu | 1 Phpbook | 2025-04-03 | 7.5 HIGH | N/A | Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file. |
| CVE-1999-0587 | | | 2025-04-03 | 10.0 HIGH | N/A | A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data. |
| CVE-2002-1985 | 1 Incognito Software Inc | 1 Ismtp Gateway | 2025-04-03 | 5.0 MEDIUM | N/A | iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow. |
| CVE-2001-0379 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A | Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights. |
| CVE-2005-1635 | 1 Jgs-xa | 1 Jgs-portal | 2025-04-03 | 5.0 MEDIUM | N/A | JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain the full server path via direct requests to (1) jgs_portal_ref.php, (2) jgs_portal_land.php, (3) jgs_portal_log.php, (4) jgs_portal_global_sponsor.php, (5) jgs_portal_global.php, (6) jgs_portal_system.php, (7) jgs_portal_views.php; or multiple files in the jgs_portal_include directory, including (8) jgs_portal_boardmenue.php, (9) jgs_portal_forenliste.php, (10) jgs_portal_geburtstag.php, (11) jgs_portal_guckloch.php, (12) jgs_ ... |
| CVE-2005-0236 | 1 Omnigroup | 1 Omniweb | 2025-04-03 | 5.0 MEDIUM | N/A | The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. |
| CVE-2005-2433 | 1 Tincan | 1 Phplist | 2025-04-03 | 5.0 MEDIUM | N/A | PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin direct ... |
| CVE-2004-2605 | 1 Astats | 1 Astats | 2025-04-03 | 2.1 LOW | N/A | aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files. |
| CVE-2005-0193 | 1 Isync | 1 Mrouter | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync 1.5 in Mac OS X 10.3.7 and earlier allows local users to execute arbitrary code. |
| CVE-2004-2031 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. |
| CVE-2004-0633 | 4 Ethereal Group, Gentoo, Mandrakesoft and 1 more | 5 Ethereal, Linux, Mandrake Linux and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A | The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow. |
| CVE-2004-1052 | 3 Bnc, Debian, Gentoo | 3 Bnc, Debian Linux, Linux | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters. |
| CVE-2004-1331 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A | The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command. |
| CVE-2001-0981 | 1 Hp | 1 Cifs-9000 Server | 2025-04-03 | 10.0 HIGH | N/A | HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user. |
| CVE-2002-0971 | 3 Att, Tightvnc, Tridia | 3 Winvnc Server, Tightvnc, Tridiavnc | 2025-04-03 | 4.6 MEDIUM | N/A | Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box. |
| CVE-2000-0941 | 1 Kootenay Web Inc | 1 Kootenay Web Inc Whois | 2025-04-03 | 10.0 HIGH | N/A | Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter. |
| CVE-2003-0900 | 1 Larry Wall | 1 Perl | 2025-04-03 | 5.0 MEDIUM | N/A | Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers. |
| CVE-1999-0421 | 1 Slackware | 1 Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A | During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password. |
| CVE-1999-1051 | 1 Matt Wright | 1 Formhandler.cgi | 2025-04-03 | 5.0 MEDIUM | N/A | Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter. |
| CVE-2005-3634 | 1 Sap | 1 Sap Web Application Server | 2025-04-03 | 5.0 MEDIUM | N/A | frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. |
| CVE-2001-0633 | 1 Sun | 1 Chilisoft | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'. |
| CVE-2004-1038 | 1 Ieee | 1 Firewire Ieee | 2025-04-03 | 7.2 HIGH | N/A | A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack. |
| CVE-2002-1476 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh. |
| CVE-2001-1549 | 1 Tiny Software | 1 Tiny Personal Firewall | 2025-04-03 | 2.1 LOW | N/A | Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters. |
| CVE-2005-4204 | 1 Logisphere | 1 Logisphere | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct from the msg DoS. |
| CVE-2003-0447 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A | The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated. |
| CVE-1999-0842 | 1 Symantec | 1 Mail-gear | 2025-04-03 | 5.0 MEDIUM | N/A | Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack. |