Total
29511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1229 | 1 Avaya | 5 Cajun P550, Cajun P550r, Cajun P580 and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
| Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges. | |||||
| CVE-2002-0171 | 1 Sgi | 1 Irisconsole | 2025-04-03 | 7.5 HIGH | N/A |
| IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges. | |||||
| CVE-2004-2047 | 1 Easyweb | 1 Easyweb Filemanager | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter. | |||||
| CVE-2005-3757 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2025-04-03 | 7.5 HIGH | N/A |
| The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec. | |||||
| CVE-2002-0058 | 2 Microsoft, Sun | 4 Virtual Machine, Jdk, Jre and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK. | |||||
| CVE-2004-2012 | 3 Netbsd, Niels, Vladimir Kotal | 3 Netbsd, Provos Systrace, Systrace Port For Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
| The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges. | |||||
| CVE-2005-4226 | 1 Phpwebthings | 1 Phpwebthings | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585. | |||||
| CVE-2005-3444 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26. | |||||
| CVE-2006-2243 | 1 Web4future | 1 News Portal | 2025-04-03 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2005-3229 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2000-0059 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
| PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands. | |||||
| CVE-1999-1040 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable. | |||||
| CVE-2006-1926 | 1 Thwboard | 1 Thwboard | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the pagenum parameter. | |||||
| CVE-2002-1542 | 1 Solarwinds | 1 Tftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow. | |||||
| CVE-2006-3510 | 1 Microsoft | 1 Ie | 2025-04-03 | 2.6 LOW | N/A |
| The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read. | |||||
| CVE-2002-0047 | 1 Olaf Titz | 1 Cipe | 2025-04-03 | 5.0 MEDIUM | N/A |
| CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet. | |||||
| CVE-2006-4115 | 1 E-zest Solutions | 1 Pgmarket | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter. | |||||
| CVE-2004-0173 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. | |||||
| CVE-2001-0979 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument. | |||||
| CVE-2003-0329 | 1 Aclogic | 1 Cesarftp | 2025-04-03 | 4.6 MEDIUM | N/A |
| CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges. | |||||