Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29518 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-0474 1 Mirabilis 1 Icq 2025-04-03 5.0 MEDIUM N/A
The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.
CVE-2002-0498 1 Etnus 1 Totalview 2025-04-03 4.6 MEDIUM N/A
Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.
CVE-2002-0010 1 Mozilla 1 Bugzilla 2025-04-03 7.5 HIGH N/A
Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges.
CVE-2001-0220 2 Ja-elvis, Ko-helvis 2 Ja-elvis, Ko-helvis 2025-04-03 7.2 HIGH N/A
Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local users to gain root privileges.
CVE-1999-0245 1 Linux 1 Linux Kernel 2025-04-03 4.6 MEDIUM N/A
Some configurations of NIS+ in Linux allowed attackers to log in as the user "+".
CVE-2000-0364 1 Redhat 1 Linux 2025-04-03 4.6 MEDIUM N/A
screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.
CVE-2005-3930 1 N-13 News 1 N-13 News 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in index.php in N-13 News 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-0916 1 Mozilla 1 Bugzilla 2025-04-03 7.5 HIGH N/A
Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain.
CVE-1999-0122 1 Ibm 1 Aix 2025-04-03 7.2 HIGH N/A
Buffer overflow in AIX lchangelv gives root access.
CVE-1999-1117 1 Ibm 1 Aix 2025-04-03 2.1 LOW N/A
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
CVE-2006-1120 1 Codeworx Technologies 1 Dcp-portal 2025-04-03 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511.
CVE-2001-0523 1 Eeye Digital Security 2 Secureiis, Securells 2025-04-03 7.5 HIGH N/A
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.
CVE-1999-0262 1 Renaud Deraison 1 Faxsurvey 2025-04-03 7.5 HIGH N/A
Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
CVE-2003-1148 1 Les Visiteurs 1 Les Visiteurs 2025-04-03 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.
CVE-2001-0571 1 Elron 2 Im Anti Virus, Im Message Inspector 2025-04-03 5.0 MEDIUM N/A
Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL.
CVE-2006-0658 1 Fckeditor 1 Fckeditor 2025-04-03 5.0 MEDIUM N/A
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
CVE-2002-2046 1 Xqus 1 X-news 2025-04-03 7.5 HIGH N/A
x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie.
CVE-2001-0553 1 Ssh 1 Secure Shell 2025-04-03 7.2 HIGH N/A
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.
CVE-2006-3264 1 Namo 1 Deepsearch 2025-04-03 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
CVE-2003-0081 1 Ethereal Group 1 Ethereal 2025-04-03 7.5 HIGH N/A
Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.