Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1027 | 3 Arjsoftware, Debian, Gentoo | 3 Unarj, Debian Linux, Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences. | |||||
| CVE-2002-1543 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input. | |||||
| CVE-2006-0100 | 1 Nicosw | 1 Nicoftp | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local users to execute arbitrary code via a long string in the "Name of site" field of an FTP account. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to create or modify FTP accounts in this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. | |||||
| CVE-1999-0632 | 2025-04-03 | N/A | N/A | ||
| The RPC portmapper service is running. | |||||
| CVE-2004-2617 | 1 Pegasi Web Server | 1 Pegasi Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI. | |||||
| CVE-2005-2471 | 1 Netpbm | 1 Netpbm | 2025-04-03 | 7.5 HIGH | N/A |
| pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands. | |||||
| CVE-2005-0655 | 1 Arif Supriyanto | 1 Auracms | 2025-04-03 | 5.0 MEDIUM | N/A |
| auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message. | |||||
| CVE-2003-1157 | 1 Citrix | 1 Metaframe | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter. | |||||
| CVE-2000-0229 | 4 Alessandro Rubini, Debian, Redhat and 1 more | 4 Gpm, Debian Linux, Linux and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
| gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. | |||||
| CVE-2001-0504 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 HIGH | N/A |
| Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying. | |||||
| CVE-2006-4821 | 1 Drupal | 1 Drupal Userreview Module | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2004-1742 | 1 Web-app.org | 1 Webapp | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter. | |||||
| CVE-2000-0891 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 7.5 HIGH | N/A |
| A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email. | |||||
| CVE-2005-4095 | 1 Docebolms | 1 Docebolms | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command. | |||||
| CVE-1999-0077 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Predictable TCP sequence numbers allow spoofing. | |||||
| CVE-2001-0015 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.2 HIGH | N/A |
| Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process. | |||||
| CVE-2006-3772 | 1 Php-post | 1 Php-post | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie. | |||||
| CVE-2005-1037 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges. | |||||
| CVE-2000-0811 | 1 Cgi Script Center | 1 Auction Weaver | 2025-04-03 | 5.0 MEDIUM | N/A |
| Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields. | |||||
| CVE-2006-2675 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters. | |||||