Total
29551 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1062 | 1 Kerio | 3 Kerio Mailserver, Personal Firewall, Winroute Firewall | 2025-04-03 | 7.5 HIGH | N/A |
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods. | |||||
CVE-2001-0121 | 1 Storagesoft | 1 Imagecast Ic3 | 2025-04-03 | 5.0 MEDIUM | N/A |
ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002. | |||||
CVE-2005-1743 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | 7.5 HIGH | N/A |
BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions. | |||||
CVE-2002-1366 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2025-04-03 | 6.2 MEDIUM | N/A |
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream. | |||||
CVE-2002-0461 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop. | |||||
CVE-2000-0808 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 7.5 HIGH | N/A |
The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication." | |||||
CVE-2001-0196 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.0 MEDIUM | N/A |
inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group. | |||||
CVE-2004-1149 | 1 Broadcom | 1 Etrust Ez Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe. | |||||
CVE-2001-0644 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server. | |||||
CVE-2005-3433 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.1 MEDIUM | N/A |
Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields. | |||||
CVE-2002-0418 | 1 Endymion | 1 Sake Mail | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter. | |||||
CVE-2006-2082 | 1 Id Software | 1 Quake 3 Engine | 2025-04-03 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request. | |||||
CVE-2006-2518 | 1 Phpwcms | 1 Phpwcms | 2025-04-03 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php. | |||||
CVE-1999-1276 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device. | |||||
CVE-2005-1988 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability". | |||||
CVE-2005-2925 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin. | |||||
CVE-2005-2682 | 1 Dtlink | 1 Areaedit | 2025-04-03 | 7.5 HIGH | N/A |
aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before 0.4.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the dictionary parameter (aka the lang variable). | |||||
CVE-2002-1985 | 1 Incognito Software Inc | 1 Ismtp Gateway | 2025-04-03 | 5.0 MEDIUM | N/A |
iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow. | |||||
CVE-2006-1078 | 1 Acme Labs | 1 Thttpd | 2025-04-03 | 7.2 HIGH | 8.4 HIGH |
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. | |||||
CVE-2006-0480 | 1 Spaiz | 1 Spaiz-nuke Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file. |