Total: 29832 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0069 | 1 Vim Development Group | 1 Vim | 2025-04-03 | 4.6 MEDIUM | N/A |
| The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-1321 | 1 Horde | 1 Vaction | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2003-0275 | 1 Yabb | 1 Yabb | 2025-04-03 | 5.1 MEDIUM | N/A |
| SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-1999-0291 | 1 Qbik | 1 Wingate | 2025-04-03 | 7.5 HIGH | N/A |
| The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. | |||||
| CVE-2000-0836 | 1 Broadgun Software | 1 Camshot Webcam | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to execute arbitrary commands via a long Authorization header. | |||||
| CVE-2004-1164 | 1 Cisco | 1 Cns Network Registrar | 2025-04-03 | 5.0 MEDIUM | N/A |
| The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (process crash) via a certain "unexpected packet sequence." | |||||
| CVE-2004-1887 | 1 Ada | 1 Imgsvr | 2025-04-03 | 5.0 MEDIUM | N/A |
| Ada Image Server (ImgSvr) 0.4 allows remote attackers to view directories or download files via an HTTP request with a trailing %00 (null). | |||||
| CVE-2005-2174 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 2.6 LOW | N/A |
| Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. | |||||
| CVE-2005-4389 | 1 Contens | 1 Contens | 2025-04-03 | 5.0 MEDIUM | N/A |
| search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters. | |||||
| CVE-2006-2437 | 1 Caucho Technology | 1 Resin | 2025-04-03 | 5.0 MEDIUM | N/A |
| The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter. | |||||
| CVE-2006-2811 | 1 Cantico | 1 Ovidentia | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964. | |||||
| CVE-2003-1188 | 1 Unichat | 1 Unichat | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unichat allows remote attackers to cause a denial of service (crash) by adding extra chat characters (avatars) and logging in to a chat room, as demonstrated using duplicate ACTOR entries in u2res000.rit. | |||||
| CVE-2001-1195 | 1 Novell | 1 Groupwise | 2025-04-03 | 7.5 HIGH | N/A |
| Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges. | |||||
| CVE-2004-2058 | 1 Xlinesoft | 1 Asprunner | 2025-04-03 | 5.0 MEDIUM | N/A |
| ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages. | |||||
| CVE-2004-2422 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component. | |||||
| CVE-2004-2464 | 1 Ada | 1 Imgsvr | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 allows remote attackers to read arbitrary files or list directories via hex-encoded "..//" sequences ("%2e%2e%2f%2f"). NOTE: it was later reported that 0.6.21 and earlier is also affected. | |||||
| CVE-2002-0086 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable. | |||||
| CVE-2002-0141 | 1 Maelstrom | 1 Maelstrom Gpl | 2025-04-03 | 1.2 LOW | N/A |
| Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file. | |||||
| CVE-2006-1966 | 1 Fortinet | 1 Fortinet28 | 2025-04-03 | 5.0 MEDIUM | N/A |
| An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a "small synflood" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond wait between sending packets. NOTE: this issue has been disputed in followup posts that suggest that a protection feature is triggering a RST. | |||||
| CVE-2006-1695 | 1 Fbida | 1 Fbida | 2025-04-03 | 1.2 LOW | N/A |
| The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID]. | |||||
