Total
5257 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2775 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
| Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. | |||||
| CVE-2005-2071 | 1 Sun | 1 Solaris | 2025-04-03 | 4.6 MEDIUM | N/A |
| traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot). | |||||
| CVE-2002-0013 | 1 Snmp | 1 Snmp | 2025-04-03 | 10.0 HIGH | N/A |
| Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | |||||
| CVE-2006-0527 | 1 Isc | 1 Bind | 2025-04-03 | 7.5 HIGH | N/A |
| BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack. | |||||
| CVE-2002-2363 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
| VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges. | |||||
| CVE-2002-2311 | 2 Microsoft, Opera Software | 2 Internet Explorer, Opera Web Browser | 2025-04-03 | 6.4 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue. | |||||
| CVE-2004-1193 | 1 Prevx | 1 Prevx Home | 2025-04-03 | 6.6 MEDIUM | N/A |
| Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable. | |||||
| CVE-2004-2693 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
| HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/. | |||||
| CVE-2006-1888 | 1 Phpgraphy | 1 Phpgraphy | 2025-04-03 | 6.8 MEDIUM | N/A |
| phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages. | |||||
| CVE-2003-0497 | 1 Intersystems | 1 Cache Database | 2025-04-03 | 7.2 HIGH | N/A |
| Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs. | |||||
| CVE-2005-3179 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information. | |||||
| CVE-2001-1371 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A |
| The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | |||||
| CVE-2005-4217 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
| Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges. | |||||
| CVE-2002-2356 | 1 Hamweather | 1 Hamweather | 2025-04-03 | 6.4 MEDIUM | N/A |
| HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi. | |||||
| CVE-2006-2353 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
| NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. | |||||
| CVE-2002-2361 | 1 Yahoo | 1 Messenger | 2025-04-03 | 5.8 MEDIUM | N/A |
| The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing. | |||||
| CVE-1999-1011 | 1 Microsoft | 4 Data Access Components, Index Server, Internet Information Server and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2002-2394 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 5.0 MEDIUM | N/A |
| InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding. | |||||
| CVE-2006-1726 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method. | |||||
| CVE-2005-4854 | 1 Ez | 1 Ez Publish | 2025-04-03 | 5.0 MEDIUM | N/A |
| eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders. | |||||