Total: 29870 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1472 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
| Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories. | |||||
| CVE-2002-1824 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. | |||||
| CVE-2006-1137 | 1 Xerox | 12 Copycentre C65, Copycentre C65 Firmware, Copycentre C75 and 9 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via a crafted PostScript file that will (1) "navigate through the directory" or (2) a "file sent to expose TCP/IP ports". | |||||
| CVE-2005-1989 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability". | |||||
| CVE-2000-0165 | 1 Etl | 1 Delegate | 2025-04-03 | 7.5 HIGH | N/A |
| The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands. | |||||
| CVE-1999-0311 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
| fpkg2swpk in HP-UX allows local users to gain root access. | |||||
| CVE-2003-1094 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.2 HIGH | N/A |
| BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges. | |||||
| CVE-2002-1786 | 1 Sgi | 1 Irix | 2025-04-03 | 2.1 LOW | N/A |
| SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, which allows local users to read the core dumps and possibly obtain sensitive information. | |||||
| CVE-2000-0688 | 1 Cgi Script Center | 1 Subscribe Me Lite | 2025-04-03 | 7.5 HIGH | N/A |
| Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter. | |||||
| CVE-2005-4061 | 1 Xcent | 1 Xcphotoblbum | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PASearch.asp in XcPhotoAlbum 1.x allows remote attackers to inject arbitrary web script or HTML via the search parameters. | |||||
| CVE-2002-0591 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename. | |||||
| CVE-2004-1033 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2025-04-03 | 2.1 LOW | N/A |
| Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable. | |||||
| CVE-2006-1226 | 1 Drupal | 1 Drupal | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2004-2156 | 1 Recruitment Agency Software | 1 Online Recruitment Agency | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack vectors. | |||||
| CVE-2000-0434 | 1 Matthew Redman | 1 Allmanage | 2025-04-03 | 7.5 HIGH | N/A |
| The administrative password for the Allmanage web site administration software is stored in plaintext in a file which could be accessed by remote attackers. | |||||
| CVE-2003-1502 | 1 Snert.com | 1 Mod Throttle | 2025-04-03 | 4.6 MEDIUM | N/A |
| mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges. | |||||
| CVE-2002-0247 | 1 Wliang | 1 Wmtv | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges. | |||||
| CVE-2005-0846 | 1 Netwin | 1 Surgemail | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field. | |||||
| CVE-2004-2443 | 1 Jaws | 1 Jaws | 2025-04-03 | 7.5 HIGH | N/A |
| Jaws 0.3 allows remote attackers to bypass authentication via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php. | |||||
| CVE-2005-3986 | 1 Verosky Media | 1 Instant Photo Gallery | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php. | |||||
