Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1010 | 1 Lotus | 1 Domino R4 | 2025-04-03 | 7.5 HIGH | N/A |
| Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses the web handlers. | |||||
| CVE-2005-2004 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php. | |||||
| CVE-1999-0043 | 6 Bsdi, Caldera, Isc and 3 more | 7 Bsd Os, Openlinux, Inn and 4 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | |||||
| CVE-2005-2525 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2025-04-03 | 5.0 MEDIUM | N/A |
| CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt). | |||||
| CVE-2000-1220 | 2 Redhat, Sgi | 2 Linux, Irix | 2025-04-03 | 10.0 HIGH | N/A |
| The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file. | |||||
| CVE-2006-3663 | 1 Finjan | 1 Vital Security | 2025-04-03 | 4.6 MEDIUM | N/A |
| Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in plaintext in a backup file, which allows local users to gain privileges. NOTE: the vendor has notified CVE that this issue was fixed in 8.3.6. | |||||
| CVE-2006-3803 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A |
| Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object. | |||||
| CVE-1999-0361 | 2025-04-03 | 10.0 HIGH | N/A | ||
| NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging. | |||||
| CVE-1999-1501 | 1 Sgi | 1 Irix | 2025-04-03 | 4.6 MEDIUM | N/A |
| (1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands. | |||||
| CVE-2005-3981 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 4.9 MEDIUM | N/A |
| NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE | |||||
| CVE-2006-2967 | 1 Syworks | 1 Safenet | 2025-04-03 | 2.1 LOW | N/A |
| Syworks SafeNET allows local users to bypass restrictions on network resource consumption by editing the policy.dat file. | |||||
| CVE-1999-1288 | 4 Caldera, Redhat, Samba and 1 more | 4 Openlinux, Linux, Samba and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A |
| Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program. | |||||
| CVE-2006-2687 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2025-04-03 | 4.9 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter). | |||||
| CVE-2006-1025 | 1 Addsoft | 1 Storebot | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2004-2054 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php. | |||||
| CVE-2002-1533 | 1 Jetty | 1 Jetty | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a). | |||||
| CVE-2005-0097 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
| The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference. | |||||
| CVE-2006-0907 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter. | |||||
| CVE-2005-3702 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name. | |||||
| CVE-2000-0322 | 1 Redhat | 1 Linux | 2025-04-03 | 10.0 HIGH | N/A |
| The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters. | |||||