Total
29559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1396 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 3.6 LOW | N/A |
| Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact. | |||||
| CVE-2000-0977 | 1 Oatmeal Studios | 1 Mail File | 2025-04-03 | 5.0 MEDIUM | N/A |
| mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter. | |||||
| CVE-2006-4062 | 1 Dmitry Sheiko | 1 Sapid Shop | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter. | |||||
| CVE-2005-3735 | 1 Coastal Data Management | 1 E-quick Cart | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp. | |||||
| CVE-2005-0888 | 1 Michael Dean | 1 Double Choco Latte | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) class or (2) method name. | |||||
| CVE-2004-0938 | 1 Freeradius | 1 Freeradius | 2025-04-03 | 5.0 MEDIUM | N/A |
| FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet. | |||||
| CVE-2005-1121 | 2 Gentoo, Igor Khasilev | 2 Linux, Oops Proxy Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL. | |||||
| CVE-2000-1108 | 1 Midnight Commander | 1 Midnight Commander | 2025-04-03 | 4.6 MEDIUM | N/A |
| cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument. | |||||
| CVE-2006-3336 | 1 Twiki | 1 Twiki | 2025-04-03 | 4.0 MEDIUM | N/A |
| TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory. | |||||
| CVE-2006-3381 | 1 Sturgeon Upload | 1 Sturgeon Upload | 2025-04-03 | 7.5 HIGH | N/A |
| SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product. | |||||
| CVE-2002-2267 | 1 Bogofilter | 1 Bogopass Email Filter | 2025-04-03 | 7.2 HIGH | N/A |
| bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitrary files via a symlink attack on the bogopass temporary file. | |||||
| CVE-1999-0273 | 1 Sun | 1 Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
| Denial of service through Solaris 2.5.1 telnet by sending ^D characters. | |||||
| CVE-2003-0737 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 5.0 MEDIUM | N/A |
| The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library. | |||||
| CVE-2001-0259 | 1 Ssh | 1 Ssh | 2025-04-03 | 3.6 LOW | N/A |
| ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file. | |||||
| CVE-2003-1292 | 1 Ashwebstudio | 1 Ashnews | 2025-04-03 | 5.0 MEDIUM | N/A |
| PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php. | |||||
| CVE-2005-2144 | 1 Prevx | 1 Prevx Pro 2005 | 2025-04-03 | 2.1 LOW | N/A |
| Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file. | |||||
| CVE-2001-0156 | 1 Van Dyke Technologies | 1 Vshell | 2025-04-03 | 2.1 LOW | N/A |
| VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems. | |||||
| CVE-2001-0109 | 1 Suse | 1 Suse Linux | 2025-04-03 | 1.2 LOW | N/A |
| rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file. | |||||
| CVE-1999-1114 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges. | |||||
| CVE-2005-1018 | 1 Ca | 1 Brightstor Arcserve Backup | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field. | |||||