Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1242 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
| Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges. | |||||
| CVE-2001-0702 | 1 Grant Averett | 1 Ceberus Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
| Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command. | |||||
| CVE-2004-0917 | 1 Vignette | 1 Application Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag. | |||||
| CVE-2005-1636 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 4.6 MEDIUM | N/A |
| mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents. | |||||
| CVE-2005-3781 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries." | |||||
| CVE-2005-1049 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 2.6 LOW | N/A |
| Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled. | |||||
| CVE-2006-3017 | 1 Php | 1 Php | 2025-04-03 | 9.3 HIGH | N/A |
| zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. | |||||
| CVE-2004-1097 | 1 Cherokee | 1 Cherokee Httpd | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL. | |||||
| CVE-2005-4624 | 1 Ptnet | 1 Ptnet Ircd | 2025-04-03 | 5.0 MEDIUM | N/A |
| The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a "charmed channel" such as PTnet, #PTnoticias and #*.log, which causes ircd to open the channel even though it does not have any valid users. | |||||
| CVE-2005-0440 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-03 | 7.5 HIGH | N/A |
| ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL. | |||||
| CVE-2006-4488 | 1 Exbb | 1 Exbb Italia | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter. | |||||
| CVE-2001-1321 | 1 Oracle | 1 Internet Directory | 2025-04-03 | 7.5 HIGH | N/A |
| Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2004-0197 | 1 Microsoft | 1 Jet | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query. | |||||
| CVE-2000-1150 | 1 Xavier Ducrohet | 1 Felix | 2025-04-03 | 5.0 MEDIUM | N/A |
| Felix IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL. | |||||
| CVE-2005-3310 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 3.5 LOW | N/A |
| Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB. | |||||
| CVE-2004-1879 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages. | |||||
| CVE-1999-1217 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A |
| The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. | |||||
| CVE-2004-2299 | 1 Omnicron | 1 Omnihttpd | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header. | |||||
| CVE-2006-0157 | 1 Reamday Enterprises | 1 Magic News Plus | 2025-04-03 | 5.0 MEDIUM | N/A |
| settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters. | |||||
| CVE-2005-3029 | 1 Ahnlab | 3 V3 Virusblock 2005, V3net, V3pro 2004 | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to execute arbitrary code via a long filname in an ACE archive. | |||||