Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1673 | 1 Jelsoft | 1 Vbug Tracker | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter. | |||||
| CVE-2001-1159 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 7.5 HIGH | N/A |
| load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. | |||||
| CVE-1999-0482 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| OpenBSD kernel crash through TSS handling, as caused by the crashme program. | |||||
| CVE-2006-2147 | 1 Resmgr | 1 Resmgrd | 2025-04-03 | 3.6 LOW | N/A |
| resmgrd in resmgr for SUSE Linux and other distributions does not properly handle when access to a USB device is granted by using "usb:<bus>,<dev>" notation, which grants access to all USB devices and allows local users to bypass intended restrictions. NOTE: this is a different vulnerability than CVE-2005-4788. | |||||
| CVE-2006-3263 | 1 Mambo | 1 Mambo | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-1999-0407 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 10.0 HIGH | N/A |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | |||||
| CVE-2005-1485 | 1 Kmint21 Software | 1 Golden Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message. | |||||
| CVE-2006-2789 | 1 Gnome | 1 Evolution | 2025-04-03 | 2.6 LOW | N/A |
| Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. | |||||
| CVE-2005-1808 | 1 Firefly Studios | 1 Stronghold 2 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large size value for the nickname, which causes a memory allocation failure and generates an exception. | |||||
| CVE-2002-1151 | 1 Kde | 2 Kde, Konqueror | 2025-04-03 | 7.5 HIGH | N/A |
| The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains. | |||||
| CVE-1999-1560 | 1 Tamu | 1 Tiger | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerability in a script in Texas A&M University (TAMU) Tiger allows local users to execute arbitrary commands as the Tiger user, usually root. | |||||
| CVE-2004-0280 | 1 Caucho Technology | 1 Resin | 2025-04-03 | 5.0 MEDIUM | N/A |
| Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20. | |||||
| CVE-2002-0759 | 1 Bzip | 1 Bzip2 | 2025-04-03 | 5.0 MEDIUM | N/A |
| bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. | |||||
| CVE-2002-1134 | 1 Hp | 1 Webes Service Tools | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files. | |||||
| CVE-2006-4063 | 1 Csaba Godor | 1 Sapid Blog Beta 2 | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php. | |||||
| CVE-2000-0192 | 1 Caldera | 1 Openlinux | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. | |||||
| CVE-2005-0066 | 1 Tcp | 1 Tcp | 2025-04-03 | 5.0 MEDIUM | N/A |
| The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP acknowledgement number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. | |||||
| CVE-2005-1323 | 1 Intersoft | 1 Netterm | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2000-0316 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option. | |||||
| CVE-2006-1598 | 1 An | 1 An-httpd | 2025-04-03 | 7.8 HIGH | N/A |
| AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with (1) dot and (2) space characters in the file extension. | |||||