Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0698 | 1 Jason Hines | 1 Phpweblog | 2025-04-03 | 4.6 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) G_PATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code. | | | | | |
| CVE-2002-1786 | 1 Sgi | 1 Irix | 2025-04-03 | 2.1 LOW | N/A |
| SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, which allows local users to read the core dumps and possibly obtain sensitive information. | | | | | |
| CVE-1999-1501 | 1 Sgi | 1 Irix | 2025-04-03 | 4.6 MEDIUM | N/A |
| (1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 do not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands. | | | | | |
| CVE-2004-2656 | 1 Open Source Development Network | 1 Slashcode | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl. | | | | | |
| CVE-2006-0145 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 4.6 MEDIUM | N/A |
| The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call. | | | | | |
| CVE-2005-3573 | 1 Gnu | 1 Mailman | 2025-04-03 | 5.0 MEDIUM | N/A |
| Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). | | | | | |
| CVE-2000-0131 | 1 Jgaa | 1 Warftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands. | | | | | |
| CVE-2002-0215 | 1 Steve Kneizys | 1 Agora.cgi | 2025-04-03 | 5.0 MEDIUM | N/A |
| Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message. | | | | | |
| CVE-2006-2696 | 1 Easy-content Forums | 1 Easy-content Forums | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) startletter parameter in userview.asp and the (2) catid parameter in topics.asp. | | | | | |
| CVE-1999-1399 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed. | | | | | |
| CVE-2002-0026 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. | | | | | |
| CVE-2004-1646 | 1 Jerod Moemeka | 1 Xedus | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | | | | | |
| CVE-2004-2462 | 1 Cplay | 1 Cplay | 2025-04-03 | 4.6 MEDIUM | N/A |
| cplay 1.49 on Linux allows local users to overwrite arbitrary files via a symlink attack on the cplay_control temporary file. | | | | | |
| CVE-2005-0816 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges. | | | | | |
| CVE-2006-0921 | 1 Fckeditor | 1 Fckeditor | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder. | | | | | |
| CVE-2006-4612 | 1 John Andersson | 1 Zixforum | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter. | | | | | |
| CVE-2005-4203 | 1 Logisphere | 1 Logisphere | 2025-04-03 | 7.8 HIGH | N/A |
| LogiSphere 0.9.9j does not restrict the number of messages that can be sent, which allows remote attackers to cause a denial of service by sending a large number of messages via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this description accurately reflects the discloser's claim and is distinct from the XSS issue. | | | | | |
| CVE-2006-3095 | 1 Ipostmx | 1 Ipostmx 2005 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the RETURNURL parameter in (1) userlogin.cfm and (2) account.cfm. | | | | | |
| CVE-2006-4228 | 1 Symantec Veritas | 1 Netbackup Puredisk Remote Office Edition | 2025-04-03 | 9.0 HIGH | N/A |
| Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface. | | | | | |
| CVE-2005-1128 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries. | | | | | |
| CVE-2005-3949 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php. | | | | | |
| CVE-2005-1265 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service (kernel crash). | | | | | |
| CVE-2001-0318 | 1 Proftpd Project | 1 Proftpd | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd). | | | | | |
| CVE-2005-1587 | 1 Open Solution | 1 Quick.cart | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter. | | | | | |
| CVE-2004-0958 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length. | | | | | |
| CVE-2005-1910 | 1 Wwweb Concepts | 1 Events System | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for WWWeb Concepts Events System 1.0 allows remote attackers to execute arbitrary SQL commands via the password. | | | | | |
| CVE-1999-0560 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
| A system-critical Windows NT file or directory has inappropriate permissions. | | | | | |
| CVE-1999-0172 | 1 Matt Wright | 1 Formmail | 2025-04-03 | 7.5 HIGH | N/A |
| FormMail CGI program allows remote execution of commands. | | | | | |
| CVE-2005-3636 | 1 Sap | 1 Sap Web Application Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. | | | | | |
| CVE-2001-1449 | 2 Apache, Mandrakesoft | 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | | | | | |
| CVE-2005-0959 | 1 Yepyep | 1 Mtftpd | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may allow attackers to execute arbitrary code via a long path. | | | | | |
| CVE-2005-3407 | 1 Butterfat | 1 Phpesp | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors. | | | | | |
| CVE-2004-2600 | 2 Hp, Intel | 22 Carrier Grade Server Cc2300, Carrier Grade Server Cc3300, Carrier Grade Server Cc3310 and 19 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled. | | | | | |
| CVE-2000-0104 | 1 Web Express | 1 Shoptron | 2025-04-03 | 7.5 HIGH | N/A |
| The Shoptron shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | | | | | |
| CVE-2005-1248 | 1 Apple | 1 Itunes | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. | | | | | |
| CVE-2006-1331 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter. | | | | | |
| CVE-2005-2384 | 1 Alwil | 1 Avast Antivirus | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames. | | | | | |
| CVE-2004-1174 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." | | | | | |
| CVE-2005-0767 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 6.9 MEDIUM | N/A |
| Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root. | | | | | |
| CVE-2005-0703 | 1 Xerox | 18 Workcentre 165, Workcentre 175, Workcentre 2128 and 15 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179. | | | | | |