Total: 29809 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2978 | 1 Netpbm | 1 Netpbm | 2025-04-03 | 7.5 HIGH | N/A |
| pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack. | |||||
| CVE-2002-1930 | 1 An | 1 An-httpd | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username. | |||||
| CVE-2002-1131 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allow remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. | |||||
| CVE-2002-1407 | 1 Adam Megacz | 1 Tinyssl | 2025-04-03 | 7.5 HIGH | N/A |
| TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. | |||||
| CVE-2006-2203 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter." | |||||
| CVE-2002-1479 | 1 The Cacti Group | 1 Cacti | 2025-04-03 | 4.6 MEDIUM | N/A |
| Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges. | |||||
| CVE-2006-4735 | 1 Kellan Elliott-mccrea | 1 Magpierss | 2025-04-03 | 5.0 MEDIUM | N/A |
| Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages. | |||||
| CVE-2004-0135 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allows local users to gain privileges by reading and writing to kernel memory. | |||||
| CVE-2004-1685 | 1 Smc Networks | 2 Smc7004vwbr, Smc7008abr | 2025-04-03 | 7.5 HIGH | N/A |
| SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages. | |||||
| CVE-2005-2453 | 1 Networkactiv | 1 Networkactiv Web Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2002-0124 | 1 Mdg Computer Services | 1 Web Server 4d Ecommerce | 2025-04-03 | 5.0 MEDIUM | N/A |
| MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote attackers to exploit a directory traversal vulnerability via a ../ (dot dot) containing URL-encoded slashes in the HTTP request. | |||||
| CVE-2000-0044 | 1 Jgaa | 1 Warftpd | 2025-04-03 | 10.0 HIGH | N/A |
| Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands. | |||||
| CVE-2006-0572 | 1 Hinton Design | 1 Phpstatus | 2025-04-03 | 7.5 HIGH | N/A |
| phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication. | |||||
| CVE-2004-1792 | 1 Yatsoft | 1 Switch Off | 2025-04-03 | 5.0 MEDIUM | N/A |
| swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a long packet with two CRLF sequences to the service management port (TCP 8000). | |||||
| CVE-2002-1490 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A |
| NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes. | |||||
| CVE-2003-0832 | 1 Webfs | 1 Webfs | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header. | |||||
| CVE-2005-2916 | 1 Linksys | 1 Wrt54g | 2025-04-03 | 5.0 MEDIUM | N/A |
| Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi. | |||||
| CVE-2003-0404 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template. | |||||
| CVE-2005-0535 | 2 Gentoo, Mediawiki | 2 Linux, Mediawiki | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users. | |||||
| CVE-2003-0740 | 1 Stunnel | 1 Stunnel | 2025-04-03 | 4.6 MEDIUM | N/A |
| Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server. | |||||
