Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-0034 | 1 Jean-jacques Sarton | 1 Mtink | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable. |
| CVE-2004-0109 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry. |
| CVE-2003-0106 | 1 Symantec | 1 Enterprise Firewall | 2025-04-03 | 7.5 HIGH | N/A | The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8. |
| CVE-2006-4007 | 1 Knusperleicht | 1 Knusperleicht Guestbook | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter. |
| CVE-2006-1621 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 4.0 MEDIUM | N/A | Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter. |
| CVE-2004-2638 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | 7.5 HIGH | N/A | The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value. |
| CVE-2004-1062 | 1 Viewcvs | 1 Viewcvs | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages. |
| CVE-2004-2159 | 1 Xmlstarlet | 1 Command Line Xml Toolkit | 2025-04-03 | 10.0 HIGH | N/A | Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c. |
| CVE-2006-0422 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors. |
| CVE-2005-2955 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | 4.6 MEDIUM | N/A | config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others. |
| CVE-2005-0346 | 1 Safenet | 1 Softremote Vpn Client | 2025-04-03 | 2.1 LOW | N/A | SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) in cleartext in memory of the IreIKE.exe process, which allows local users to gain sensitive information if they have access to that process. |
| CVE-2006-1569 | 1 Redcms | 1 Redcms | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters to (a) login.php or (b) register.php; or (3) u parameter to (c) profile.php. |
| CVE-1999-0683 | 1 Network Associates | 1 Gauntlet Firewall | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service in Gauntlet Firewall via a malformed ICMP packet. |
| CVE-2001-0711 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. |
| CVE-2002-0897 | 1 Intranet-server | 1 Localweb2000 | 2025-04-03 | 7.5 HIGH | N/A | LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory. |
| CVE-2004-0279 | 1 Aim Sniff | 1 Aim Sniff | 2025-04-03 | 7.2 HIGH | N/A | AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log. |
| CVE-2004-1770 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 10.0 HIGH | N/A | The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter. |
| CVE-2002-0123 | 1 Mdg Computer Services | 1 Web Server 4d Ecommerce | 2025-04-03 | 7.5 HIGH | N/A | MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. |
| CVE-1999-1199 | 1 Apache | 1 Http Server | 2025-04-03 | 10.0 HIGH | N/A | Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. |
| CVE-2000-0014 | 1 Michael Lamont | 1 Savant Webserver | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service in Savant web server via a null character in the requested URL. |
| CVE-2004-2398 | 1 Netenberg | 1 Fantastico De Luxe | 2025-04-03 | 2.1 LOW | N/A | Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5. |
| CVE-2005-0633 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file. |
| CVE-2004-1792 | 1 Yatsoft | 1 Switch Off | 2025-04-03 | 5.0 MEDIUM | N/A | swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a long packet with two CRLF sequences to the service management port (TCP 8000). |
| CVE-2005-1649 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A | The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016). |
| CVE-2004-1959 | 1 Protector System | 1 Protector System | 2025-04-03 | 5.0 MEDIUM | N/A | blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. |
| CVE-2006-0837 | 1 Micromuse | 1 Netcool Neusecure | 2025-04-03 | 2.1 LOW | N/A | IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues. |
| CVE-2002-0225 | 1 Cisco | 1 Tacacs\+ | 2025-04-03 | 4.6 MEDIUM | N/A | tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files. |
| CVE-2004-1902 | 1 Citrix | 1 Metaframe Password Manager | 2025-04-03 | 2.1 LOW | N/A | The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information. |
| CVE-2005-4548 | 1 Rws | 1 Statistics Counter | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2002-0260 | 1 Instantservers Inc. | 1 Miniportal | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows remote attackers to execute arbitrary code via a long login name, which is not properly handled by the logging utility. |
| CVE-2006-4793 | 1 Tualblog | 1 Tualblog | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 allow remote attackers to execute arbitrary SQL commands, as demonstrated by the icerikno parameter. |
| CVE-2006-4363 | 1 Cropimage Component | 1 Cropimage Component | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter. |
| CVE-2005-0888 | 1 Michael Dean | 1 Double Choco Latte | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) class or (2) method name. |
| CVE-2005-4651 | 1 Alstrasoft | 1 Epay | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter. |
| CVE-2002-1674 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 1.2 LOW | N/A | procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to. |
| CVE-1999-0416 | 1 Cisco | 1 Cisco 7xx Routers | 2025-04-03 | 5.0 MEDIUM | N/A | Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port. |
| CVE-2003-0757 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 5.0 MEDIUM | N/A | Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet. |
| CVE-2004-0805 | 2 Mandrakesoft, Mpg123 | 3 Mandrake Linux, Mandrake Linux Corporate Server, Mpg123 | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file. |
| CVE-2006-2401 | 1 Outgun | 1 Outgun | 2025-04-03 | 7.8 HIGH | N/A | The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (application crash) via packets with incorrect message sizes, which triggers a buffer over-read. |
| CVE-2004-1944 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 5.0 MEDIUM | N/A | Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message. |