Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1026 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 9.3 HIGH | N/A |
| Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | |||||
| CVE-2002-2407 | 1 Qnx | 1 Rtos | 2025-04-03 | 6.9 MEDIUM | N/A |
| Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed. | |||||
| CVE-2002-2324 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 7.2 HIGH | N/A |
| The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings. | |||||
| CVE-2003-1515 | 1 Origo | 2 Asr-8100, Asr-8400 | 2025-04-03 | 7.8 HIGH | N/A |
| Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults. | |||||
| CVE-2006-0700 | 1 Imagevue | 1 Imagevue | 2025-04-03 | 5.0 MEDIUM | N/A |
| imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions. | |||||
| CVE-2004-2693 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
| HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/. | |||||
| CVE-2005-2071 | 1 Sun | 1 Solaris | 2025-04-03 | 4.6 MEDIUM | N/A |
| traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot). | |||||
| CVE-2006-3697 | 3 Agnitum, Lavasoft, Novell | 3 Outpost Firewall, Lavasoft Personal Firewall, Client Firewall | 2025-04-03 | 7.2 HIGH | N/A |
| Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall. | |||||
| CVE-2002-2254 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| The experimental IP packet queuing feature in Netfilter / IPTables in Linux kernel 2.4 up to 2.4.19 and 2.5 up to 2.5.31, when a privileged process exits and network traffic is not being queued, may allow a later process with the same Process ID (PID) to access certain network traffic that would otherwise be restricted. | |||||
| CVE-2006-0023 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 4.3 MEDIUM | N/A |
| Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. | |||||
| CVE-1999-0899 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
| The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. | |||||
| CVE-2002-2401 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2025-04-03 | 3.6 LOW | N/A |
| NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs. | |||||
| CVE-2006-0114 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.0 MEDIUM | N/A |
| The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php. | |||||
| CVE-2005-1425 | 1 Uapplication | 1 Uguestbook | 2025-04-03 | 5.0 MEDIUM | N/A |
| Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb. | |||||
| CVE-2006-2373 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
| The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability." | |||||
| CVE-2005-2741 | 2 Apple, Perry Kiehtreiber | 3 Mac Os X, Mac Os X Server, Securityd | 2025-04-03 | 7.2 HIGH | N/A |
| Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. | |||||
| CVE-2002-2265 | 2 Hp, Open Source Internet Solutions | 2 Tru64, Open Source Internet Solutions | 2025-04-03 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors. | |||||
| CVE-2002-2395 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 5.0 MEDIUM | N/A |
| InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding. | |||||
| CVE-2005-4853 | 1 Ez | 1 Ez Publish | 2025-04-03 | 9.4 HIGH | N/A |
| The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings. | |||||
| CVE-2004-2718 | 1 Php Heaven | 1 Phpmychat | 2025-04-03 | 4.3 MEDIUM | N/A |
| PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request. | |||||