Total: 29798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0444 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2025-04-03 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax. | |||||
| CVE-2001-0032 | 1 Eric Rescorla | 1 Ssldump | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL. | |||||
| CVE-1999-0988 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
| UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack. | |||||
| CVE-2005-2770 | 1 Wrq | 1 Wrq Reflection For Secure It Windows Server | 2025-04-03 | 7.5 HIGH | N/A |
| WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login. | |||||
| CVE-2005-3939 | 1 Wsn Knowledge Base | 1 Wsn Knowledge Base | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php. | |||||
| CVE-2004-0771 | 1 Tsugio Okamoto | 1 Lha | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. | |||||
| CVE-2006-0604 | 1 Hinton Design | 1 Phphg Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
| check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2005-3027 | 1 Sybari | 1 Antigen | 2025-04-03 | 5.0 MEDIUM | N/A |
| Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which allows remote attackers to bypass custom filter rules and send file attachments of arbitrary file types via a message with a subject of "Antigen forwarded attachment". | |||||
| CVE-2001-0141 | 1 Gert Doering | 1 Mgetty | 2025-04-03 | 1.2 LOW | N/A |
| mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations. | |||||
| CVE-2004-0653 | 1 Sun | 1 Solaris | 2025-04-03 | 2.1 LOW | N/A |
| Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other users' passwords by reading log files. | |||||
| CVE-2005-0276 | 1 3com | 1 3cdaemon | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands. | |||||
| CVE-2006-2446 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.4 MEDIUM | N/A |
| Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite. | |||||
| CVE-2005-0541 | 1 Cyclades | 1 Alterpath Manager | 2025-04-03 | 7.5 HIGH | N/A |
| consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter. | |||||
| CVE-1999-0286 | | | 2025-04-03 | 10.0 HIGH | N/A |
| In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages. | |||||
| CVE-2005-4130 | 1 Realnetworks | 1 Realplayer | 2025-04-03 | 7.5 HIGH | N/A |
| ** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED. | |||||
| CVE-2000-0884 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. | |||||
| CVE-2006-1025 | 1 Addsoft | 1 Storebot | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2004-2219 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. | |||||
| CVE-2001-0354 | 1 Thenet | 1 Checkbo | 2025-04-03 | 5.0 MEDIUM | N/A |
| TheNet CheckBO 1.56 allows remote attackers to cause a denial of service via a flood of characters to the TCP ports which it is listening on. | |||||
| CVE-2001-1440 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system. | |||||
