Total: 29551 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-3633 | 1 Sap | 1 Sap Web Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. | |||||
CVE-2003-0511 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allows remote attackers to cause a denial of service (reload) via a malformed URL. | |||||
CVE-2006-1211 | 1 Micromuse | 1 Netcool Neusecure | 2025-04-03 | 7.5 HIGH | N/A |
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues. | |||||
CVE-2005-0326 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 5.0 MEDIUM | N/A |
pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script. | |||||
CVE-2002-1391 | 1 Gert Doering | 1 Mgetty | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument. | |||||
CVE-2005-0288 | 1 Bottomline | 1 Webseries Payment Application | 2025-04-03 | 3.6 LOW | N/A |
The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords. | |||||
CVE-2005-1738 | 1 Iron Bars Shell | 1 Iron Bars Shell | 2025-04-03 | 10.0 HIGH | N/A |
Format string vulnerability in the logPrintBadfile function in delbadfiles.c in Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call. | |||||
CVE-1999-0582 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. | |||||
CVE-2005-3343 | 1 Tkdiff | 1 Tkdiff | 2025-04-03 | 4.6 MEDIUM | N/A |
tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2006-2462 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic. | |||||
CVE-2005-2797 | 1 Openbsd | 1 Openssh | 2025-04-03 | 5.0 MEDIUM | N/A |
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. | |||||
CVE-2004-1410 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229. | |||||
CVE-1999-0074 | 4 Freebsd, Linux, Microsoft and 1 more | 4 Freebsd, Linux Kernel, Windows Nt and 1 more | 2025-04-03 | 6.4 MEDIUM | N/A |
Listening TCP ports are sequentially allocated, allowing spoofing attacks. | |||||
CVE-2002-0968 | 1 Analogx | 1 Simpleserver Www | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name. | |||||
CVE-2004-2428 | 1 Abczone.it | 1 Wwwguestbook | 2025-04-03 | 5.0 MEDIUM | N/A |
Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext username and password. | |||||
CVE-2004-0648 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 10.0 HIGH | N/A |
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. | |||||
CVE-2005-3415 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable. | |||||
CVE-2002-0413 | 1 Rebb | 1 Rebb | 2025-04-03 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script. | |||||
CVE-2005-1283 | 1 Argosoft | 1 Argosoft Mail Server | 2025-04-03 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367. | |||||
CVE-2005-3465 | 2 Jdedwards, Oracle | 2 Oneworld Xe, Enterpriseone | 2025-04-03 | 10.0 HIGH | N/A |
Unspecified vulnerability in JDEdwards HTML Server in Oracle EnterpriseOne 8.94 OneWorld XE up to 8.95_B1, 8.94_Q1, and SP23_K1 has unknown impact and attack vectors, as identified by Oracle Vuln# JDE01. |