Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0676 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter.
|
|||||
| CVE-2005-3969 | 1 Mxchange | 1 Mxchange | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2001-1427 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
|
|||||
| CVE-2001-0093 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd.
|
|||||
| CVE-2001-1243 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
|
|||||
| CVE-2004-2113 | 1 Herberlin | 1 Bremsserver | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL.
|
|||||
| CVE-2003-0927 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.
|
|||||
| CVE-2004-1801 | 1 Pwebserver | 1 Pwebserver Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in PWebServer 0.3.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
|
|||||
| CVE-2005-3097 | 1 Avi Alkalay | 1 Contribute.cgi | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir variable.
|
|||||
| CVE-2003-0236 | 1 Mirabilis | 1 Icq | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers.
|
|||||
| CVE-2003-0312 | 1 Snowblind.net | 1 Snowblind Web Server | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
|
|||||
| CVE-2002-0438 | 1 Zyxel | 1 Zywall10 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface.
|
|||||
| CVE-2004-0340 | 1 Texas Imperial Software | 1 Wftpd | 2025-04-03 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.
|
|||||
| CVE-2004-2611 | 1 Steven Schaefer | 1 Sophster | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities.
|
|||||
| CVE-2006-1867 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02.
|
|||||
| CVE-2001-0492 | 1 Netcruiser Software | 1 Netcruiser Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netcruiser Web server version 0.1.2.8 and earlier allows remote attackers to determine the physical path of the server via a URL containing (1) con, (2) com2, or (3) com3.
|
|||||
| CVE-2005-3671 | 3 Frees Wan, Openswan, Xelerance | 3 Frees Wan, Openswan, Openswan | 2025-04-03 | 7.8 HIGH | N/A |
|
The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
|
|||||
| CVE-2005-3675 | 1 Tcp | 1 Tcp | 2025-04-03 | 7.8 HIGH | N/A |
|
The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by sending ACK messages for packets that have not yet been received (optimistic ACKs), which can cause the sender to increase its transmission rate until it fills available bandwidth.
|
|||||
| CVE-2000-0317 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.
|
|||||
| CVE-2006-2391 | 1 Emc | 1 Retrospect Client | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497.
|
|||||
| CVE-2003-0480 | 1 Vmware | 1 Workstation | 2025-04-03 | 3.7 LOW | N/A |
|
VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."
|
|||||
| CVE-2001-1514 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 10.0 HIGH | N/A |
|
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.
|
|||||
| CVE-1999-0734 | 1 Cisco | 1 Ciscosecure | 2025-04-03 | 7.5 HIGH | N/A |
|
A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.
|
|||||
| CVE-2002-0320 | 1 Yahoo | 1 Messenger | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field.
|
|||||
| CVE-2000-0670 | 1 Cvsweb Developer | 1 Cvsweb | 2025-04-03 | 7.2 HIGH | N/A |
|
The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.
|
|||||
| CVE-2006-1635 | 1 Lucidcms | 1 Lucidcms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive information via a direct request to /lucid_phplib/translator.php, which reveals the path in an error message.
|
|||||
| CVE-2001-0674 | 1 Robtex | 1 Viking Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a hexadecimal encoded dot-dot attack (eg. http://www.server.com/%2e%2e/%2e%2e) in an HTTP URL request.
|
|||||
| CVE-2004-2417 | 1 Smtp.proxy | 1 Smtp.proxy | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, which are injected into a syslog message.
|
|||||
| CVE-2004-2451 | 1 Gamespy | 3 Roger Wilco Dedicated Server, Roger Wilco Graphical Server, Rw Base Station | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or earlier, allows remote attackers to send audio to arbitrary channels, aka the "Voices from the deep" bug.
|
|||||
| CVE-2002-2046 | 1 Xqus | 1 X-news | 2025-04-03 | 7.5 HIGH | N/A |
|
x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie.
|
|||||
| CVE-2000-0930 | 1 David Harris | 1 Pegasus Mail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch.
|
|||||
| CVE-2002-1855 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
|
|||||
| CVE-2004-0505 | 2 Ethereal Group, Sgi | 2 Ethereal, Propack | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.
|
|||||
| CVE-2000-0753 | 1 Microsoft | 1 Outlook | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
|
|||||
| CVE-2001-1147 | 1 Andries Brouwer | 1 Util-linux | 2025-04-03 | 7.2 HIGH | N/A |
|
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
|
|||||
| CVE-2002-0713 | 1 Squid | 1 Squid | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.
|
|||||
| CVE-2006-1370 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | 9.3 HIGH | N/A |
|
Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file.
|
|||||
| CVE-2006-2171 | 1 Jgaa | 1 Warftpd | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer.
|
|||||
| CVE-2004-1150 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
|
|||||
| CVE-2002-0669 | 1 Pingtel | 1 Xpressa | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs.
|
|||||