Total: 29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1833 | 1 Borland Software | 1 Interbase | 2025-04-03 | 7.5 HIGH | N/A |
| The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges. | |||||
| CVE-2005-2877 | 1 Twiki | 1 Twiki | 2025-04-03 | 7.5 HIGH | N/A |
| The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers. | |||||
| CVE-2002-0790 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A |
| clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges. | |||||
| CVE-2002-0531 | 1 Emumail | 3 Emumail, Emumail Red Hat Linux, Emumail Unix | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter. | |||||
| CVE-2004-1953 | 1 Phprofession | 1 Phprofession | 2025-04-03 | 5.0 MEDIUM | N/A |
| phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message. | |||||
| CVE-2004-0724 | 1 Valve Software | 2 Half-life, Half-life Dedicated Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet. | |||||
| CVE-2006-0066 | 1 Phpjournaler | 1 Phpjournaler | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter. | |||||
| CVE-2003-0477 | 1 Wzdftpd | 1 Wzdftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument. | |||||
| CVE-2005-0606 | 1 Devellion | 1 Cubecart | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters. | |||||
| CVE-2004-1658 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | 4.6 MEDIUM | N/A |
| Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable. | |||||
| CVE-2005-0759 | 2 Imagemagick, Sgi | 2 Imagemagick, Propack | 2025-04-03 | 5.0 MEDIUM | N/A |
| ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag. | |||||
| CVE-2005-3741 | 1 Almondsoft | 1 Almond Classifieds | 2025-04-03 | 7.5 HIGH | N/A |
| Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions. | |||||
| CVE-2003-1263 | 1 Brown Bear Software | 1 Ical | 2025-04-03 | 5.0 MEDIUM | N/A |
| ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name. | |||||
| CVE-2001-1126 | 1 Symantec | 1 Liveupdate | 2025-04-03 | 5.0 MEDIUM | N/A |
| Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site. | |||||
| CVE-2002-1548 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
| Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called." | |||||
| CVE-2000-0124 | 1 Surfcontrol | 1 Superscout | 2025-04-03 | 2.1 LOW | N/A |
| surfCONTROL SuperScout does not properly assign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions. | |||||
| CVE-2005-2226 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2003-0152 | 1 Mozilla | 1 Bonsai | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user. | |||||
| CVE-2006-1168 | 1 Ncompress | 1 Ncompress | 2025-04-03 | 7.5 HIGH | N/A |
| The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. | |||||
| CVE-2005-2235 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments. | |||||
