Total
315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2760 | 1 Openbsd | 1 Openssh | 2025-04-03 | 6.8 MEDIUM | N/A |
| sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability. | |||||
| CVE-2003-1457 | 1 Auerswald | 1 Comsuite Cti Controlcenter | 2025-04-03 | 4.6 MEDIUM | N/A |
| Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. | |||||
| CVE-1999-0701 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
| After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. | |||||
| CVE-2006-0848 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
| The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension. | |||||
| CVE-2003-1422 | 1 Gentoo | 1 Syslinux | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors. | |||||
| CVE-2002-2247 | 1 Mambo | 1 Mambo Site Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2006-2363 | 1 Limbo Cms | 1 Limbo Cms | 2025-04-03 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-1999-0725 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 7.1 HIGH | N/A |
| When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". | |||||
| CVE-2006-3677 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-03 | 7.5 HIGH | N/A |
| Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. | |||||
| CVE-2003-1341 | 1 Trend Micro | 2 Officescan, Virus Buster | 2025-04-03 | 7.5 HIGH | N/A |
| The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe. | |||||
| CVE-1999-0858 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server. | |||||
| CVE-2002-2335 | 1 John Drake | 1 Killer Protection | 2025-04-03 | 5.0 MEDIUM | N/A |
| Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php. | |||||
| CVE-2003-1449 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2025-04-03 | 7.5 HIGH | N/A |
| Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection. | |||||
| CVE-2003-1357 | 2 Microsoft, Replicom | 2 Windows Nt, Proxyview | 2025-04-03 | 10.0 HIGH | N/A |
| ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. | |||||
| CVE-2002-2331 | 1 Cascadesoft | 1 W3mail | 2025-04-03 | 5.8 MEDIUM | N/A |
| W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments. | |||||
| CVE-1999-0886 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 9.0 HIGH | N/A |
| The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager. | |||||
| CVE-2005-4845 | 1 Sun | 1 Java Plug-in | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | |||||
| CVE-2002-2285 | 1 Broadcom | 1 Inoculateit | 2025-04-03 | 4.3 MEDIUM | N/A |
| eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection. | |||||
| CVE-2003-1452 | 1 Qualcomm | 1 Qpopper | 2025-04-03 | 3.6 LOW | N/A |
| Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program. | |||||
| CVE-1999-0766 | 1 Microsoft | 2 Internet Explorer, Java Virtual Machine | 2025-04-03 | 9.3 HIGH | N/A |
| The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment. | |||||