Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0963 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
| FreeBSD mount_union command allows local users to gain root privileges via a symlink attack. | |||||
| CVE-2005-0229 | 1 Citrusdb | 1 Citrusdb Customer Database | 2025-04-03 | 5.0 MEDIUM | N/A |
| CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt. | |||||
| CVE-2002-0293 | 1 Alcatel-lucent | 1 Omnipcx | 2025-04-03 | 6.2 MEDIUM | N/A |
| FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file. | |||||
| CVE-2001-0948 | 1 Valicert | 1 Enterprise Validation Authority | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed. | |||||
| CVE-2005-0436 | 1 Awstats | 1 Awstats | 2025-04-03 | 7.5 HIGH | N/A |
| Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter. | |||||
| CVE-2001-0061 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
| procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space. | |||||
| CVE-2005-0065 | 1 Tcp | 1 Tcp | 2025-04-03 | 10.0 HIGH | N/A |
| The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. | |||||
| CVE-2002-0603 | 1 Snapgear | 1 Snapgear Lite\+ Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
| Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port 500. | |||||
| CVE-2006-4973 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter. | |||||
| CVE-2005-4173 | 1 Efiction Project | 1 Efiction | 2025-04-03 | 5.0 MEDIUM | N/A |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function. | |||||
| CVE-2006-1030 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path. | |||||
| CVE-2005-4726 | 1 Mute | 1 Mute | 2025-04-03 | 5.0 MEDIUM | N/A |
| MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitive information (privacy leak and search result data) by controlling a drop chain neighbor that is near the end of a message chain. | |||||
| CVE-2002-1381 | 1 University Of Cambridge | 1 Exim | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value. | |||||
| CVE-2004-2193 | 1 Cjoverkill | 1 Cjoverkill | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) tms[0] or (2) url parameters. | |||||
| CVE-2001-1183 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
| PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. | |||||
| CVE-2005-4780 | 1 Fidra Software | 1 Lighthouse Cms | 2025-04-03 | 4.3 MEDIUM | 3.7 LOW |
| Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a technology. This does not only apply to Lighthouse, but also to Perl, PHP or web applications based on Java Servlet technology." Since the original researcher is known to test demo pages and is sometimes inaccurate, it is likely that this issue will be REJECTED | |||||
| CVE-2006-3105 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php. | |||||
| CVE-1999-0989 | 1 Microsoft | 1 Ie | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol. | |||||
| CVE-2005-3802 | 1 Belkin | 2 F5d7230-4, F5d7232-4 | 2025-04-03 | 5.1 MEDIUM | N/A |
| Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication. | |||||
| CVE-2004-2183 | 1 Wehelpbus | 1 Wehelpbus | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string. | |||||