Total
29796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0300 | 1 Oracle | 1 Internet Directory | 2025-04-03 | 2.1 LOW | N/A |
| oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack. | |||||
| CVE-2004-0306 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories. | |||||
| CVE-2005-4393 | 1 E-publish | 1 E-publish | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters. | |||||
| CVE-2004-2367 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows remote authenticated users to cause a denial of service (crash) via a long FTP command. | |||||
| CVE-2003-0431 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 10.0 HIGH | N/A |
| The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences. | |||||
| CVE-2005-0663 | 1 Mercuryboard | 1 Mercuryboard | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter. | |||||
| CVE-2001-1436 | 1 Dallas Semiconductor | 1 Ibutton | 2025-04-03 | 4.6 MEDIUM | N/A |
| Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password. | |||||
| CVE-2005-1889 | 1 Sun | 1 Java System Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files. | |||||
| CVE-2005-0007 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash from assertion). | |||||
| CVE-2005-1519 | 1 Squid | 1 Squid | 2025-04-03 | 6.4 MEDIUM | N/A |
| Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups. | |||||
| CVE-2004-0663 | 1 Powerportal | 1 Powerportal | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the (1) id parameter to the (a) private_messages module; (2) search parameter to the (b) links and (c) content modules; and (3) files parameter to the gallery module. | |||||
| CVE-2006-1894 | 1 Revoboard | 1 Revoboard | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation. NOTE: it is not clear whether this is a site-specific issue; however, the claimed codebase relationship with PunBB might be relevant. | |||||
| CVE-2002-1863 | 1 Iomega | 1 Network Attached Storage | 2025-04-03 | 4.6 MEDIUM | N/A |
| Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be disabled, which allows local users to access home directories via FTP even when access to all shared directories have been disabled. | |||||
| CVE-2002-0138 | 1 Andreas Mueller | 1 Cdrdao | 2025-04-03 | 2.1 LOW | N/A |
| CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command. | |||||
| CVE-2002-0690 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings. | |||||
| CVE-2004-2289 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
| Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file. | |||||
| CVE-2005-1917 | 1 Kpopper | 1 Kpopper | 2025-04-03 | 2.1 LOW | N/A |
| kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file. | |||||
| CVE-2006-1279 | 1 Sherzod Ruzmetov | 1 Cgi Session | 2025-04-03 | 5.0 MEDIUM | N/A |
| CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite. | |||||
| CVE-2004-0767 | 1 Ngsec | 1 Stackdefender | 2025-04-03 | 5.0 MEDIUM | N/A |
| NGSEC StackDefender 1.10 allows attackers to cause a denial of service (system crash) via an invalid address for the ObjectAttribues parameter to the hooks for the (1) ZwCreateFile or (2) ZwOpenFile functions. | |||||
| CVE-2004-2677 | 1 Qwikmail | 1 Qwikmail Smtp | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments. | |||||