Total: 29561 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0382 | 2 Debian, Michael Jennings | 2 Debian Linux, Eterm | 2025-04-03 | 4.6 MEDIUM | N/A |
Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable. | |||||
CVE-2006-4919 | 1 Siteatschool | 1 Siteatschool | 2025-04-03 | 2.6 LOW | N/A |
Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. | |||||
CVE-2004-1295 | 1 Uml-utilities | 1 Uml-utilities | 2025-04-03 | 2.1 LOW | N/A |
The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled). | |||||
CVE-2005-0487 | 1 Kayako | 1 Esupport | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter. | |||||
CVE-2002-0030 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-03 | 4.6 MEDIUM | N/A |
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe. | |||||
CVE-2002-1725 | 1 Onlinetools.org | 1 Phpimageview | 2025-04-03 | 5.0 MEDIUM | N/A |
phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain sensitive information via the pw=show option, which invokes the phpinfo function. | |||||
CVE-2004-1384 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php. | |||||
CVE-2005-4674 | 1 Complete Php Counter | 1 Complete Php Counter | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter. | |||||
CVE-2000-1097 | 1 Sonicwall | 1 Soho Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. | |||||
CVE-2005-2213 | 1 Mms Ripper | 1 Mms Ripper | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in the mms_interp_header function in mms.c in MMS Ripper before 0.6.4 might allow remote attackers to execute arbitrary code via a file with more than 20 streams. | |||||
CVE-2005-1595 | 1 Codethat | 1 Shoppingcart | 2025-04-03 | 5.0 MEDIUM | N/A |
CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request. | |||||
CVE-2003-0518 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow. | |||||
CVE-2006-4524 | 1 Digiappz | 1 Freekot | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information. | |||||
CVE-2002-1239 | 1 Qnx | 1 Rtos | 2025-04-03 | 7.2 HIGH | N/A |
QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program. | |||||
CVE-2006-3779 | 1 Citrix | 3 Metaframe, Metaframe Presentation Server, Presentation Server | 2025-04-03 | 6.5 MEDIUM | N/A |
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges. | |||||
CVE-2003-0771 | 1 Apache Gallery | 1 Apache Gallery | 2025-04-03 | 4.6 MEDIUM | N/A |
Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does. | |||||
CVE-2005-3052 | 1 Jportal | 1 Jportal Web Portal | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the search field to download.php. | |||||
CVE-2004-0158 | 1 Lgames | 1 Lbreakout2 | 2025-04-03 | 4.6 MEDIUM | N/A |
Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c. | |||||
CVE-2001-0949 | 1 Valicert | 1 Enterprise Validation Authority | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allow remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length. | |||||
CVE-2001-1504 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 7.5 HIGH | N/A |
Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message. |