Total
29560 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1224 | 1 University Of Washington | 1 Imapd | 2025-04-03 | 3.6 LOW | N/A |
| IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information. | |||||
| CVE-2006-4357 | 1 Dieselscripts | 1 Diesel Smart Traffic | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter. | |||||
| CVE-2006-0331 | 1 Thiago Melo De Paula | 1 Change Passwd | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2000-0514 | 1 Mit | 1 Kerberos 5 | 2025-04-03 | 10.0 HIGH | N/A |
| GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges. | |||||
| CVE-2005-4568 | 1 Floosietek | 1 Ftgate | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allow remote attackers to execute arbitrary code via format string specifiers in the (1) USER, (2) PASS, and (3) TOP commands to the POP3 server; and the (4) LIST and (5) AUTHENTICATE commands to the IMAP server. | |||||
| CVE-2006-4585 | 1 Tr Forum | 1 Tr Forum | 2025-04-03 | 9.0 HIGH | N/A |
| SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges. | |||||
| CVE-2006-3405 | 1 Qto | 1 Qtofilemanager | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters. | |||||
| CVE-2005-2154 | 1 Osticket | 1 Osticket Sts | 2025-04-03 | 7.5 HIGH | N/A |
| PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter. | |||||
| CVE-2004-1933 | 1 Citadel | 1 Ux | 2025-04-03 | 2.1 LOW | N/A |
| Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages. | |||||
| CVE-2000-1016 | 1 Suse | 1 Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL. | |||||
| CVE-2006-3626 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 6.2 MEDIUM | N/A |
| Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root. | |||||
| CVE-2002-0386 | 1 Oracle | 1 Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. | |||||
| CVE-2005-2383 | 1 Phpnews | 1 Phpnews | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the user parameter in an HTTP POST request. | |||||
| CVE-2003-0597 | 1 Sco | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A |
| Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges. | |||||
| CVE-2004-1499 | 1 Webhost Automation | 1 Helm Control Panel | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field. | |||||
| CVE-2005-2812 | 1 Man2web | 1 Man2web | 2025-04-03 | 7.5 HIGH | N/A |
| man2web allows remote attackers to execute arbitrary commands via -P arguments. | |||||
| CVE-2005-1351 | 1 Leif M. Wright | 1 Ad.cgi | 2025-04-03 | 7.5 HIGH | N/A |
| The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | |||||
| CVE-2006-1740 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2025-04-03 | 2.6 LOW | N/A |
| Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. | |||||
| CVE-2006-4492 | 1 Cybozu | 1 Cybozu Office | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors. | |||||
| CVE-2001-0149 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. | |||||