Total: 29809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3728 | 1 Revize Cms | 1 Revize Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
| Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information. | |||||
| CVE-2005-0847 | 1 Code Ocean | 1 Ocean Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections. | |||||
| CVE-2006-0429 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A |
| BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions. | |||||
| CVE-2002-0259 | 1 Instantservers Inc. | 1 Miniportal | 2025-04-03 | 4.6 MEDIUM | N/A |
| InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges. | |||||
| CVE-2001-0429 | 1 Cisco | 1 Catos | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. | |||||
| CVE-2005-2674 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | 4.3 MEDIUM | N/A |
| Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected." | |||||
| CVE-2002-1871 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges. | |||||
| CVE-1999-0253 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL. | |||||
| CVE-2000-1105 | 1 Microsoft | 1 Indexing Service | 2025-04-03 | 4.3 MEDIUM | N/A |
| The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled. | |||||
| CVE-2004-0752 | 1 Openoffice | 1 Openoffice | 2025-04-03 | 2.1 LOW | N/A |
| OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users. | |||||
| CVE-2004-1706 | 1 U.s.robotics | 1 Usr808054 | 2025-04-03 | 7.5 HIGH | N/A |
| The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string. | |||||
| CVE-2006-4023 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. | |||||
| CVE-1999-0108 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| The printers program in IRIX has a buffer overflow that gives root access to local users. | |||||
| CVE-2004-2670 | 1 Endonesia | 1 Endonesia | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module. | |||||
| CVE-2004-0309 | 1 Zonelabs | 2 Integrity, Zonealarm | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument. | |||||
| CVE-2006-0102 | 1 Ralph Capper | 1 Tinyphpforum | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php. | |||||
| CVE-2004-1276 | 1 Iglooftp | 1 Iglooftp | 2025-04-03 | 2.1 LOW | N/A |
| IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP. | |||||
| CVE-2005-3242 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
| Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SMB dissector when SMB transaction payload reassembly is enabled. | |||||
| CVE-2005-2404 | 1 Sendcard | 1 Sendcard | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-0750 | 5 Conectiva, Linux, Redhat and 2 more | 8 Linux, Linux Kernel, Enterprise Linux and 5 more | 2025-04-03 | 7.2 HIGH | N/A |
| The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. | |||||
