Total
29866 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
| memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group. | |||||
| CVE-2006-2985 | 1 Integramod | 1 Integramod | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded "'" characters in the STYLE_URL parameter. | |||||
| CVE-2005-3887 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 5.4 MEDIUM | N/A |
| Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:". | |||||
| CVE-2001-0421 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 6.4 MEDIUM | N/A |
| FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition. | |||||
| CVE-2002-0943 | 1 Metalinks | 1 Metacart2.sql | 2025-04-03 | 6.4 MEDIUM | N/A |
| MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb. | |||||
| CVE-1999-1048 | 2 Debian, Redhat | 2 Debian Linux, Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory. | |||||
| CVE-1999-1240 | 1 Gracenote | 1 Cddbd | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in cddbd CD database server allows remote attackers to execute arbitrary commands via a long log message. | |||||
| CVE-2004-0047 | 1 Yamamoto Hirotaka | 1 Trr19 | 2025-04-03 | 4.6 MEDIUM | N/A |
| Multiple programs in trr19 1.0 do not properly drop privileges before executing a system command, which could allow local users to gain privileges. | |||||
| CVE-2001-0926 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
| SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement. | |||||
| CVE-2006-0508 | 1 Easy Cms | 1 Easy Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
| Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory. | |||||
| CVE-2005-3550 | 1 Toenda Software Development | 1 Toendacms | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter. | |||||
| CVE-2004-2201 | 1 Duware | 1 Duforum | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form. | |||||
| CVE-2005-0131 | 1 Berlios | 1 Konversation | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users. | |||||
| CVE-2005-1931 | 1 Goodtech Systems | 1 Goodtech Smtp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of service (application crash) via a RCPT TO command with an invalid argument, as demonstrated using an "A" character. | |||||
| CVE-2005-2870 | 1 Sun | 1 Solaris | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses. | |||||
| CVE-2005-0130 | 1 Berlios | 1 Konversation | 2025-04-03 | 7.5 HIGH | N/A |
| Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts. | |||||
| CVE-2005-2776 | 1 Looking Glass | 1 Looking Glass | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass 20040427 allow remote attackers to inject arbitrary web script or HTML via the (1) version[fullname], (2) version[homepage], or (3) version[no] parameter to footer.php, or the (4) version[fullname], (5) version[no], (6) version[author], (7) version[email] parameter to header.php. | |||||
| CVE-2005-0391 | 1 Daniel De Rauglaudre | 1 Geneweb | 2025-04-03 | 5.0 MEDIUM | N/A |
| geneweb 4.10 and earlier does not properly check file permissions and content during conversion, which allows attackers to modify arbitrary files. | |||||
| CVE-2000-0127 | 1 Progress | 1 Webspeed | 2025-04-03 | 7.5 HIGH | N/A |
| The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. | |||||
| CVE-2002-0736 | 1 Microsoft | 1 Backoffice | 2025-04-03 | 10.0 HIGH | N/A |
| Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank. | |||||