Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0314 | 1 Freewebs | 1 Webzedit | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter.
| CVE-2005-2369 | 1 Ekg | 1 Ekg | 2025-04-03 | 7.5 HIGH | N/A |
Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code.
| CVE-2004-2527 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 5.4 MEDIUM | N/A |
The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
| CVE-2005-4414 | 1 Open Lab | 1 Teamwork | 2025-04-03 | 10.0 HIGH | N/A |
Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."
| CVE-2005-2916 | 1 Linksys | 1 Wrt54g | 2025-04-03 | 5.0 MEDIUM | N/A |
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
| CVE-2002-0801 | 1 Macromedia | 1 Jrun | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.
| CVE-2000-0515 | 1 Hp | 1 Hp-ux | 2025-04-03 | 10.0 HIGH | N/A |
The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.
| CVE-2005-0018 | 1 F2c Open Source Project | 1 F2c Translator | 2025-04-03 | 2.1 LOW | N/A |
The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.
| CVE-2001-0450 | 1 Transsoft | 1 Broker Ftp Server | 2025-04-03 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in Transsoft FTP Broker before 5.5 allows attackers to (1) delete arbitrary files via DELETE, or (2) list arbitrary directories via LIST, via a .. (dot dot) in the file name.
| CVE-2006-4137 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces.
| CVE-2005-2288 | 1 Phpcounter | 1 Phpcounter | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter.
| CVE-2001-0906 | 1 Tetex | 1 Tetex | 2025-04-03 | 6.2 MEDIUM | N/A |
teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr.
| CVE-2005-1553 | 1 Geovision | 1 Digital Surveillance System | 2025-04-03 | 7.5 HIGH | N/A |
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing.
| CVE-2005-4588 | 1 Dream4 | 1 Koobi | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web script or HTML via nested, malformed url BBCode tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-1999-1234 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo.
| CVE-2006-4789 | 1 Open Movie Editor | 1 Open Movie Editor | 2025-04-03 | 4.6 MEDIUM | N/A |
Buffer overflow in Open Movie Editor 0.0.20060901 allows local users to cause a denial of service (system crash) or execute arbitrary code via a long project name in an open_movie_editor_project XML tag.
| CVE-2006-4921 | 1 Siteatschool | 1 Siteatschool | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information.
| CVE-2006-4296 | 1 Mambo | 1 Bigape-backup Component | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter.
| CVE-2005-1459 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) NDPS, (5) IAX2, (6) RADIUS, (7) TCAP, (8) MRDISC, (9) 802.3 Slow, (10) SMBMailslot, or (11) SMB PIPE dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error).
| CVE-2001-1237 | 1 Peaceworks Computer Consulting | 1 Phormation | 2025-04-03 | 7.5 HIGH | N/A |
Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.
| CVE-2006-3667 | 1 Sybase | 1 Financial Fusion Consumer Banking Solution | 2025-04-03 | 10.0 HIGH | N/A |
Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote attack vectors.
| CVE-2005-1344 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| CVE-2006-3205 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 5.0 MEDIUM | N/A |
Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions.
| CVE-1999-0917 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.
| CVE-2004-0976 | 1 Larry Wall | 1 Perl | 2025-04-03 | 2.1 LOW | N/A |
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allow local users to overwrite files via a symlink attack on temporary files.
| CVE-2001-1479 | 1 Sun | 1 Management+center | 2025-04-03 | 2.1 LOW | N/A |
smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.
| CVE-2004-0953 | 1 Jabber Software Foundation | 1 Jabber Server | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long username.
| CVE-2006-4332 | 1 Wireshark | 1 Wireshark | 2025-04-03 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib.
| CVE-2005-2189 | 1 Lantronix | 1 Securelinx | 2025-04-03 | 5.0 MEDIUM | N/A |
Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys.
| CVE-2005-2784 | 1 Cosmoshop | 1 Cosmoshop | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in the login function for the administration login panel in cosmoshop 8.10.78 allows remote attackers to execute arbitrary SQL commands and bypass authentication via unspecified vectors.
| CVE-2004-2027 | 1 Icecast | 1 Icecast | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read.
| CVE-2004-1715 | 1 Clearswift | 1 Mimesweeper For Web | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
| CVE-2001-0396 | 1 Lightwave | 1 Consoleserver | 2025-04-03 | 5.0 MEDIUM | N/A |
The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users.
| CVE-2002-1083 | 1 Visualshapers | 1 Ezcontents | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerabilities in ezContents 1.41 and earlier allow remote attackers to cause ezContents to (1) create directories using the Maintain Images:Add New:Create Subdirectory item, or (2) list directories using the Maintain Images file listing, via .. (dot dot) sequences.
| CVE-2006-2778 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.
| CVE-2006-4140 | 1 Ipcheck | 1 Server Monitor | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f" (encoded "/" slash), "..../" (multiple dot), and "..%255c../" (double-encoded "\" backslash).
| CVE-2002-0458 | 1 Linux-sottises | 1 News-tnk | 2025-04-03 | 7.6 HIGH | N/A |
Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
| CVE-2005-3783 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A |
The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash).
| CVE-2005-1942 | 1 Cisco | 1 Catalyst | 2025-04-03 | 7.5 HIGH | N/A |
Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages.
| CVE-2006-2933 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Enterprise Linux Desktop | 2025-04-03 | 4.6 MEDIUM | N/A |
kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.