Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0597 | 1 Zetetic Enterprises | 1 Strip | 2025-04-03 | 7.2 HIGH | N/A |
|
Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.
|
|||||
| CVE-2003-1502 | 1 Snert.com | 1 Mod Throttle | 2025-04-03 | 4.6 MEDIUM | N/A |
|
mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
|
|||||
| CVE-2006-0666 | 1 Ibm | 1 Aix | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX.
|
|||||
| CVE-2005-2050 | 1 Tor | 1 Tor | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit server's process space.
|
|||||
| CVE-2001-1519 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 3.6 LOW | N/A |
|
RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it
|
|||||
| CVE-2005-0842 | 1 Kayako | 1 Esupport | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter.
|
|||||
| CVE-2003-1238 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules.
|
|||||
| CVE-2006-2848 | 1 Full Revolution | 1 Aspweblinks | 2025-04-03 | 5.0 MEDIUM | N/A |
|
links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field.
|
|||||
| CVE-2004-2566 | 1 Liveworld | 4 Livechat, Livefocusgroup, Liveforum and 1 more | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via the q parameter in (a) search.jsp, (b) findclub!execute.jspa, and (c) search!execute.jspa.
|
|||||
| CVE-1999-0962 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option.
|
|||||
| CVE-2000-0648 | 1 Texas Imperial Software | 1 Wftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.
|
|||||
| CVE-2005-0832 | 1 Php-post | 1 Php-post Web Forum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2005-4078 | 1 Ideal Science | 1 Ideal Bb.net | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) forumID, (2) boardID, and (3) topicRepeater1-p parameters in topics.aspx, (4) boardID parameter in categoryindex.aspx, (5) postID parameter in posts.aspx, (6) catID parameter in forums.aspx, and (7) memberID parameter in member.aspx.
|
|||||
| CVE-2002-0067 | 2 Redhat, Squid | 2 Linux, Squid | 2025-04-03 | 7.5 HIGH | N/A |
|
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
|
|||||
| CVE-2005-3452 | 1 Oracle | 1 Application Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS13.
|
|||||
| CVE-2006-0785 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions.
|
|||||
| CVE-2002-1623 | 1 Checkpoint | 1 Vpn-1 Firewall-1 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.
|
|||||
| CVE-1999-1388 | 1 Sun | 1 Sunos | 2025-04-03 | 6.2 MEDIUM | N/A |
|
passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.
|
|||||
| CVE-2006-1921 | 1 Php Net Tools | 1 Php Net Tools | 2025-04-03 | 6.4 MEDIUM | N/A |
|
nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter.
|
|||||
| CVE-2006-3615 | 1 Phorum | 1 Phorum | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable.
|
|||||
| CVE-2000-0532 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.5 HIGH | N/A |
|
A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.
|
|||||
| CVE-2006-0372 | 1 Insane Visions | 1 Blogphp | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie.
|
|||||
| CVE-2002-1734 | 1 Aspbin | 1 Newspro | 2025-04-03 | 10.0 HIGH | N/A |
|
NewsPro 1.01 allows remote attackers to gain unauthorized administrator access by setting their authentication cookie to "logged,true".
|
|||||
| CVE-2004-0236 | 1 Steelid | 1 Thephototool | 2025-04-03 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field.
|
|||||
| CVE-2004-0839 | 3 Avaya, Microsoft, Nortel | 18 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 15 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
|
|||||
| CVE-2005-0214 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter.
|
|||||
| CVE-2002-1782 | 1 University Of Washington | 1 Uw-imap | 2025-04-03 | 2.1 LOW | N/A |
|
The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
|
|||||
| CVE-2001-1087 | 1 Network Appliance | 1 Netcache | 2025-04-03 | 7.5 HIGH | N/A |
|
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device.
|
|||||
| CVE-2005-1164 | 1 Yager Development | 1 Yager Game | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length.
|
|||||
| CVE-2005-0853 | 1 Betaparticle | 1 Betaparticle Blog | 2025-04-03 | 5.0 MEDIUM | N/A |
|
betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0.
|
|||||
| CVE-2002-0357 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges.
|
|||||
| CVE-2001-1565 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
|
Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.
|
|||||
| CVE-2005-0216 | 1 Woltlab | 1 Burning Board Lite | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter.
|
|||||
| CVE-2006-0073 | 1 Discusware | 2 Discus Freeware, Discus Professional | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-4545 | 1 Modulebased Cms | 1 Modulebased Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php, and (5) libs/profile/proccess.php. NOTE: CVE disputes this claim, as the _SERVER array and the _SERVER[DOCUMENT_ROOT] index are controlled by PHP and cannot be manipulated by an attacker
|
|||||
| CVE-2002-1201 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers.
|
|||||
| CVE-2006-2498 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.
|
|||||
| CVE-1999-0973 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
|
|||||
| CVE-2006-1475 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
|
Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file.
|
|||||
| CVE-2006-4601 | 1 Annuaire | 1 1two | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||