Total
29798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1114 | 1 Unify | 1 Ewave Servletexec | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20". | |||||
| CVE-2004-0889 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. | |||||
| CVE-1999-0127 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
| swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root access. | |||||
| CVE-2001-1568 | 1 Cmg | 1 Wap Gateway | 2025-04-03 | 6.4 MEDIUM | N/A |
| CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. | |||||
| CVE-2006-2264 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2025-04-03 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro 1.00 allow remote attackers to execute arbitrary SQL commands via the (1) date parameter to admin/main.asp, (2) SearchFor parameter to admin/view.asp, or (3) ID parameter to admin/edit.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-0099 | 1 Abuse | 1 Abuse-sdl | 2025-04-03 | 2.1 LOW | N/A |
| The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files. | |||||
| CVE-2003-0641 | 1 Watchguard | 1 Serverlock | 2025-04-03 | 4.6 MEDIUM | N/A |
| WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess. | |||||
| CVE-2006-4284 | 1 Lblog | 1 Lblog | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-0506 | 1 Avaya | 2 Ip Office Phone Manager, Ip Soft Phone | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic. | |||||
| CVE-2000-0911 | 1 Horde | 1 Imp | 2025-04-03 | 5.0 MEDIUM | N/A |
| IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment. | |||||
| CVE-1999-1158 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd. | |||||
| CVE-1999-0314 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. | |||||
| CVE-2004-2556 | 1 Netgear | 1 Wg602 | 2025-04-03 | 5.0 MEDIUM | N/A |
| NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. | |||||
| CVE-2004-0667 | 2 Gentoo, Rsbac | 2 Linux, Rule Set Based Access Control | 2025-04-03 | 7.2 HIGH | N/A |
| Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges. | |||||
| CVE-2001-0518 | 1 Oracle | 1 Oracle9i | 2025-04-03 | 5.0 MEDIUM | N/A |
| Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang. | |||||
| CVE-2005-4397 | 1 Icms Content Management Systems | 1 Icms | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter. | |||||
| CVE-2002-1487 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 5.0 MEDIUM | N/A |
| The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367. | |||||
| CVE-2001-0217 | 1 Mnscu Pals | 1 Webpals | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter. | |||||
| CVE-2005-1552 | 1 Geovision | 1 Digital Surveillance System | 2025-04-03 | 5.0 MEDIUM | N/A |
| GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image. | |||||
| CVE-2001-1203 | 1 Alessandro Rubini | 1 Gpm | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges. | |||||