Total
29515 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2082 | 1 Karjasoft | 1 Sami Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading "/" (slash) characters. | |||||
| CVE-2002-1276 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 4.3 MEDIUM | N/A |
| An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. | |||||
| CVE-2005-2229 | 1 Blog Torrent | 1 Blog Torrent | 2025-04-03 | 7.5 HIGH | N/A |
| Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password hashes, as demonstrated using data/newusers. | |||||
| CVE-2001-0035 | 1 Kth | 1 Kth Kerberos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request. | |||||
| CVE-2003-0142 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 5.0 MEDIUM | N/A |
| Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function. | |||||
| CVE-2002-0908 | 1 Cisco | 1 Ids Device Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request. | |||||
| CVE-2005-2944 | 1 Brent Ely | 1 Gnome Workstation Command Center | 2025-04-03 | 4.6 MEDIUM | N/A |
| The perform_file_save function in GNOME Workstation Command Center (gwcc) 0.9.6 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the gwcc_out.txt temporary file. | |||||
| CVE-1999-0080 | 1 Washington University | 1 Wu-ftpd | 2025-04-03 | 10.0 HIGH | N/A |
| Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command. | |||||
| CVE-2005-0776 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
| adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos. | |||||
| CVE-2004-0612 | 1 Zonelabs | 1 Zonealarm | 2025-04-03 | 5.1 MEDIUM | N/A |
| The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL specification. | |||||
| CVE-2006-1969 | 1 Kcscripts | 1 Portal Pack | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-4047 | 1 Iisworks | 1 Aspknowledgebase | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter. | |||||
| CVE-2001-0851 | 3 Caldera, Linux, Suse | 7 Openlinux, Openlinux Edesktop, Openlinux Eserver and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie. | |||||
| CVE-2005-4178 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2025-04-03 | 6.5 MEDIUM | N/A |
| Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations. | |||||
| CVE-2006-2059 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 5.0 MEDIUM | N/A |
| action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier. | |||||
| CVE-1999-0363 | 2 Plp, Suse | 2 Line Printer Control, Suse Linux | 2025-04-03 | 7.2 HIGH | N/A |
| SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise. | |||||
| CVE-2005-2283 | 1 Esi Products | 1 Webeoc | 2025-04-03 | 2.1 LOW | N/A |
| WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file. | |||||
| CVE-2006-2614 | 1 Sun | 1 N1 System Manager | 2025-04-03 | 4.6 MEDIUM | N/A |
| Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords. | |||||
| CVE-2006-2824 | 1 Logicalware | 1 Mailmanager | 2025-04-03 | 7.5 HIGH | N/A |
| Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #1494281 - Postgres encoding security hole." NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314. | |||||
| CVE-2003-0847 | 1 Suse | 1 Suse Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
| SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file. | |||||