Total
29813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4352 | 2 Linux, Netbsd | 2 Linux Kernel, Netbsd | 2025-04-03 | 2.1 LOW | N/A |
| The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap." | |||||
| CVE-2003-1269 | 1 An | 1 An-http | 2025-04-03 | 5.0 MEDIUM | N/A |
| AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message. | |||||
| CVE-2001-0848 | 1 E-zone Media | 1 Fuse Talk | 2025-04-03 | 4.6 MEDIUM | N/A |
| join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable. | |||||
| CVE-2004-0088 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
| The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087. | |||||
| CVE-2005-3346 | 1 Osh | 1 Osh | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call. | |||||
| CVE-2001-1361 | 1 Twig Development Team | 1 Twig | 2025-04-03 | 7.5 HIGH | N/A |
| Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links. | |||||
| CVE-2006-2046 | 1 Application Dynamics | 1 Cartweaver Coldfusion | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm. | |||||
| CVE-2006-1754 | 1 Swsoft | 1 Confixx | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0.8, and 3.1.2 allows remote attackers to execute arbitrary SQL commands via the SID parameter. | |||||
| CVE-2002-0407 | 1 Lotus | 1 Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
| htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. | |||||
| CVE-2006-4796 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable). | |||||
| CVE-2006-1088 | 1 Php-stats | 1 Php-stats | 2025-04-03 | 5.0 MEDIUM | N/A |
| PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix. | |||||
| CVE-2005-2389 | 1 Symantec Veritas | 2 Netbackup Enterprise Server, Netbackup Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference. | |||||
| CVE-2004-2057 | 1 Xlinesoft | 1 Asprunner | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements. | |||||
| CVE-2005-0418 | 1 Sun | 1 J2se | 2025-04-03 | 7.5 HIGH | N/A |
| Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836. | |||||
| CVE-2005-0624 | 1 Debian | 1 Reportbug | 2025-04-03 | 2.1 LOW | N/A |
| reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords. | |||||
| CVE-2004-1137 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read. | |||||
| CVE-2002-1616 | 1 Hp | 1 Tru64 | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc. | |||||
| CVE-2006-4890 | 1 Unak | 1 Unak Cms | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php. | |||||
| CVE-2006-2509 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-0800 | 1 Mcnews | 1 Mcnews | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720. | |||||