Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | |||||
| CVE-1999-0504 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
| A Windows NT local user or administrator account has a default, null, blank, or missing password. | |||||
| CVE-2005-0205 | 2 Bernd Wuebben, Kde | 2 Kppp, Kde | 2025-04-03 | 4.6 MEDIUM | N/A |
| KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp. | |||||
| CVE-2003-0179 | 1 Ibm | 2 Lotus Domino Web Server, Lotus Notes Client | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control. | |||||
| CVE-2002-1383 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun. | |||||
| CVE-2006-3233 | 1 Open Webmail | 1 Open Webmail | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE. | |||||
| CVE-2003-1428 | 2 Bharat Mediratta, Linux | 2 Gallery, Linux Kernel | 2025-04-03 | 4.8 MEDIUM | N/A |
| Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos. | |||||
| CVE-2006-0805 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. | |||||
| CVE-2005-1701 | 1 Portailphp | 1 Portailphp | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the (1) News, (2) File, (3) Liens, or (4) Faq modules. | |||||
| CVE-1999-0501 | 2025-04-03 | 4.6 MEDIUM | N/A | ||
| A Unix account has a guessable password. | |||||
| CVE-2002-1427 | 1 Easy Scripts Archive | 2 Advanced Easy Homepage Creator, Easy Homepage Creator | 2025-04-03 | 7.5 HIGH | N/A |
| The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users. | |||||
| CVE-2000-0357 | 1 Redhat | 1 Linux | 2025-04-03 | 7.5 HIGH | N/A |
| ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys. | |||||
| CVE-2006-3785 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | 2.1 LOW | N/A |
| Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin. | |||||
| CVE-2006-3621 | 1 Dream4 | 1 Koobi Pro | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter. | |||||
| CVE-2005-1244 | 1 Netiq | 1 Pssecure | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable. | |||||
| CVE-2005-0907 | 1 Valdersoft | 1 Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php. | |||||
| CVE-2006-2339 | 1 Evo-dev | 2 Evotopsites, Evotopsites Pro | 2025-04-03 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in evoTopsites 2.x and evoTopsites Pro 2.x allows remote attackers to execute arbitrary SQL commands via the (1) cat_id and (2) id parameters. | |||||
| CVE-2006-0174 | 1 Hummingbird | 2 Collaboration, Enterprise Collaboration | 2025-04-03 | 4.0 MEDIUM | N/A |
| Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie. | |||||
| CVE-2006-1884 | 3 Jdedwards, Oneworld, Oracle | 12 Enterpriseone Tools, Oneworld Tools, Application Server and 9 more | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01. | |||||
| CVE-1999-1348 | 1 Redhat | 1 Linux | 2025-04-03 | 2.1 LOW | N/A |
| Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service. | |||||