Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29520 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-2960 2 Debian, Gnu 2 Debian Linux, Cfengine 2025-04-03 2.1 LOW N/A
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
CVE-2001-0959 2 Broadcom, Ca 3 Arcserve Backup, Arcserve Backup 2000, Arcserve Backup 2000 2025-04-03 6.4 MEDIUM N/A
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.
CVE-2002-0500 1 Microsoft 1 Internet Explorer 2025-04-03 5.0 MEDIUM N/A
Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.
CVE-2001-0947 1 Valicert 1 Enterprise Validation Authority 2025-04-03 7.5 HIGH N/A
Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.
CVE-2000-0422 1 Netwin 1 Dmail 2025-04-03 7.5 HIGH N/A
Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter.
CVE-2006-2465 1 Mp3info 1 Mp3info 2025-04-03 5.1 MEDIUM N/A
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
CVE-2006-0669 1 Gasoft 1 Gas Forum Light 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments
CVE-2000-0768 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 2.6 LOW N/A
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
CVE-2001-1476 1 Ssh 1 Ssh 2025-04-03 7.5 HIGH N/A
SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not.
CVE-1999-0381 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-03 7.2 HIGH N/A
super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.
CVE-2006-2838 1 F-secure 2 F-secure Anti-virus, Internet Gatekeeper 2025-04-03 7.6 HIGH N/A
Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host.
CVE-2005-4663 1 Ocomon 1 Ocomon 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2005-2357 1 Emc 1 Navisphere Manager 2025-04-03 5.0 MEDIUM N/A
Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2005-1428 1 Uapplication 1 Uphotogallery 2025-04-03 7.5 HIGH N/A
edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files.
CVE-2001-0021 1 Endymion 1 Mailman Webmail 2025-04-03 10.0 HIGH N/A
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
CVE-2002-0561 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2025-04-03 7.5 HIGH N/A
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
CVE-2005-4763 1 Bea 1 Weblogic Server 2025-04-03 7.5 HIGH N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions.
CVE-2000-0784 1 Rapidstream 1 Rapidstream 2025-04-03 10.0 HIGH N/A
sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh.
CVE-2002-0586 1 Aol 1 Aol Server 2025-04-03 7.5 HIGH N/A
Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters.
CVE-2002-1070 1 Php-wiki 1 Php-wiki 2025-04-03 7.5 HIGH N/A
Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter.