Total
29557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1759 | 1 Shtool | 1 Shtool | 2025-04-03 | 1.2 LOW | N/A |
| Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751. | |||||
| CVE-2004-2158 | 1 S9y | 1 Serendipity | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php. | |||||
| CVE-2001-0312 | 1 Ibm | 1 Websphere Plugin | 2025-04-03 | 5.0 MEDIUM | N/A |
| IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing. | |||||
| CVE-2000-0402 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 2.1 LOW | N/A |
| The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. | |||||
| CVE-2005-0893 | 1 Smail | 1 Smail | 2025-04-03 | 7.6 HIGH | N/A |
| modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc. | |||||
| CVE-2001-1071 | 1 Cisco | 2 Catos, Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements. | |||||
| CVE-2005-3564 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
| envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors. | |||||
| CVE-2004-0669 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 7.5 HIGH | N/A |
| Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command. | |||||
| CVE-2002-1645 | 1 Ssh | 1 Ssh2 | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the URL catcher feature for SSH Secure Shell for Workstations client 3.1 to 3.2.0 allows remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2005-3594 | 1 E107 | 1 E107 | 2025-04-03 | 5.0 MEDIUM | N/A |
| game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables. | |||||
| CVE-2002-1190 | 1 Cisco | 1 Unity Server | 2025-04-03 | 7.5 HIGH | N/A |
| Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls. | |||||
| CVE-2004-1965 | 1 Openbb | 1 Openbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php. | |||||
| CVE-1999-1525 | 1 Macromedia | 1 Shockwave Flash Plugin | 2025-04-03 | 5.1 MEDIUM | N/A |
| Macromedia Shockwave before 6.0 allows a malicious webmaster to read a user's mail box and possibly access internal web servers via the GetNextText command on a Shockwave movie. | |||||
| CVE-1999-0263 | 1 Sun | 1 Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
| Solaris SUNWadmap can be exploited to obtain root access. | |||||
| CVE-2006-3352 | 1 Mozilla | 1 Firefox | 2025-04-03 | 6.4 MEDIUM | N/A |
| Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status | |||||
| CVE-2004-1682 | 1 Qnx | 1 Rtp | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges via format string specifiers in the QUOTE command. | |||||
| CVE-2005-3661 | 1 Dell | 1 Truemobile 2300 Wireless Broadband Router | 2025-04-03 | 5.0 MEDIUM | N/A |
| Dell TrueMobile 2300 Wireless Broadband Router running firmware 3.0.0.8 and 5.1.1.6, and possibly other versions, allows remote attackers to reset authentication credentials, then change configuration or firmware, via a direct request to apply.cgi with the Page parameter set to adv_password.asp. | |||||
| CVE-2003-1049 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 4.6 MEDIUM | N/A |
| IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. | |||||
| CVE-2006-0464 | 1 Ideosoft Design | 1 Ideocontent Manager | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter. | |||||
| CVE-2005-2302 | 1 Powerdns | 1 Powerdns | 2025-04-03 | 2.1 LOW | N/A |
| PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion. | |||||