Total
29809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0402 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks. | |||||
| CVE-2004-2336 | 1 Novell | 2 Groupwise, Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server. | |||||
| CVE-2001-0013 | 1 Isc | 1 Bind | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. | |||||
| CVE-2004-1917 | 1 Lcdproc | 1 Lcdproc | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable. | |||||
| CVE-2003-0087 | 1 National Language Support | 1 Libim | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm. | |||||
| CVE-1999-0820 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
| FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands. | |||||
| CVE-2005-3094 | 1 Avi Alkalay | 1 Man Cgi | 2025-04-03 | 7.5 HIGH | N/A |
| Avi Alkalay man-cgi script allows remote attackers to execute arbitrary code via shell metacharacters in the topic parameter. | |||||
| CVE-2004-0364 | 1 Symantec | 1 Norton Internet Security | 2025-04-03 | 7.5 HIGH | N/A |
| The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method. | |||||
| CVE-2001-1286 | 1 Ipswitch | 1 Imail | 2025-04-03 | 7.5 HIGH | N/A |
| Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control. | |||||
| CVE-2006-4916 | 1 Asp Indir | 1 Tekman Portal | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter. | |||||
| CVE-2002-1441 | 1 Tomahawk Technologies | 1 Steelarrow | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request. | |||||
| CVE-2001-0442 | 1 David Harris | 1 Mercury Nlm | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command. | |||||
| CVE-2003-0728 | 1 Horde | 1 Horde | 2025-04-03 | 6.4 MEDIUM | N/A |
| Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL. | |||||
| CVE-1999-0088 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
| IRIX and AIX automountd services (autofsd) allow remote users to execute root commands. | |||||
| CVE-2004-0437 | 1 South River Technologies | 1 Titan Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket. | |||||
| CVE-2003-1332 | 2 Linux, Samba | 2 Linux Kernel, Samba | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201. | |||||
| CVE-2006-3662 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1 | |||||
| CVE-2000-0868 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. | |||||
| CVE-2005-4373 | 1 Liquid Bytes Technologies | 1 Adaptive Website Framework | 2025-04-03 | 5.0 MEDIUM | N/A |
| Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message. | |||||
| CVE-2005-4010 | 1 Sensation Designs | 1 Kbase Express | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php. | |||||