Total
29520 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2960 | 2 Debian, Gnu | 2 Debian Linux, Cfengine | 2025-04-03 | 2.1 LOW | N/A |
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. | |||||
CVE-2001-0959 | 2 Broadcom, Ca | 3 Arcserve Backup, Arcserve Backup 2000, Arcserve Backup 2000 | 2025-04-03 | 6.4 MEDIUM | N/A |
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files. | |||||
CVE-2002-0500 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size. | |||||
CVE-2001-0947 | 1 Valicert | 1 Enterprise Validation Authority | 2025-04-03 | 7.5 HIGH | N/A |
Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path. | |||||
CVE-2000-0422 | 1 Netwin | 1 Dmail | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter. | |||||
CVE-2006-2465 | 1 Mp3info | 1 Mp3info | 2025-04-03 | 5.1 MEDIUM | N/A |
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability. | |||||
CVE-2006-0669 | 1 Gasoft | 1 Gas Forum Light | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments | |||||
CVE-2000-0768 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability. | |||||
CVE-2001-1476 | 1 Ssh | 1 Ssh | 2025-04-03 | 7.5 HIGH | N/A |
SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not. | |||||
CVE-1999-0381 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access. | |||||
CVE-2006-2838 | 1 F-secure | 2 F-secure Anti-virus, Internet Gatekeeper | 2025-04-03 | 7.6 HIGH | N/A |
Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host. | |||||
CVE-2005-4663 | 1 Ocomon | 1 Ocomon | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
CVE-2005-2357 | 1 Emc | 1 Navisphere Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
CVE-2005-1428 | 1 Uapplication | 1 Uphotogallery | 2025-04-03 | 7.5 HIGH | N/A |
edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files. | |||||
CVE-2001-0021 | 1 Endymion | 1 Mailman Webmail | 2025-04-03 | 10.0 HIGH | N/A |
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter. | |||||
CVE-2002-0561 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. | |||||
CVE-2005-4763 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions. | |||||
CVE-2000-0784 | 1 Rapidstream | 1 Rapidstream | 2025-04-03 | 10.0 HIGH | N/A |
sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh. | |||||
CVE-2002-0586 | 1 Aol | 1 Aol Server | 2025-04-03 | 7.5 HIGH | N/A |
Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters. | |||||
CVE-2002-1070 | 1 Php-wiki | 1 Php-wiki | 2025-04-03 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter. |