Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0602 | 1 Info-zip | 1 Unzip | 2025-04-03 | 6.2 MEDIUM | N/A |
| Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. | |||||
| CVE-2002-0254 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.0 MEDIUM | N/A |
| ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails. | |||||
| CVE-2001-1336 | 1 Aclogic | 1 Cesarftp | 2025-04-03 | 7.5 HIGH | N/A |
| CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges. | |||||
| CVE-2004-0622 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
| Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory. | |||||
| CVE-2002-1655 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. | |||||
| CVE-2006-3370 | 1 Bb-news | 1 Blueboy | 2025-04-03 | 5.0 MEDIUM | N/A |
| Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-1999-1072 | 1 Excite | 1 Ews | 2025-04-03 | 7.2 HIGH | N/A |
| Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi. | |||||
| CVE-2000-0934 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
| Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. | |||||
| CVE-1999-1162 | 1 Sco | 2 Open Desktop, Unix | 2025-04-03 | 6.4 MEDIUM | N/A |
| Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. | |||||
| CVE-2006-1098 | 1 Digital Builder | 1 Nz Ecommerce | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem | |||||
| CVE-2001-0468 | 1 Ftpfs | 1 Ftpfs | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in FTPFS allows local users to gain root privileges via a long user name. | |||||
| CVE-2004-0157 | 1 Xonix | 1 Xonix | 2025-04-03 | 4.6 MEDIUM | N/A |
| x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program. | |||||
| CVE-2002-1904 | 1 Gaztek | 1 Ghttpd | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-1999-1467 | 1 Sun | 1 Sunos | 2025-04-03 | 10.0 HIGH | N/A |
| Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user. | |||||
| CVE-2006-4743 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
| WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. | |||||
| CVE-2006-3640 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." | |||||
| CVE-2004-2576 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 5.0 MEDIUM | N/A |
| class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files. | |||||
| CVE-2002-1327 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise." | |||||
| CVE-2005-0799 | 1 Oracle | 1 Mysql | 2025-04-03 | 5.0 MEDIUM | N/A |
| MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN. | |||||
| CVE-2006-2298 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||