Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4136 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others. | |||||
| CVE-2006-2775 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
| Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. | |||||
| CVE-2006-0859 | 1 Michael Salzer | 1 Guestbox | 2025-04-03 | 5.0 MEDIUM | N/A |
| Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter. | |||||
| CVE-2006-1079 | 1 Acme Labs | 1 Thttpd | 2025-04-03 | 7.2 HIGH | N/A |
| htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. | |||||
| CVE-1999-0728 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.8 HIGH | N/A |
| A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. | |||||
| CVE-2002-2361 | 1 Yahoo | 1 Messenger | 2025-04-03 | 5.8 MEDIUM | N/A |
| The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing. | |||||
| CVE-1999-0839 | 1 Microsoft | 1 Ie | 2025-04-03 | 7.2 HIGH | N/A |
| Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled. | |||||
| CVE-1999-0777 | 1 Microsoft | 2 Commercial Internet System, Internet Information Server | 2025-04-03 | 7.5 HIGH | N/A |
| IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. | |||||
| CVE-2006-1380 | 1 Trendmicro | 1 Interscan Messaging Security Suite | 2025-04-03 | 7.2 HIGH | N/A |
| ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying ISNTSysMonitor.exe. | |||||
| CVE-2002-1590 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service. | |||||
| CVE-2003-0230 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 7.2 HIGH | N/A |
| Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. | |||||
| CVE-2005-0735 | 1 Newsscript.co.uk | 1 Newsscript | 2025-04-03 | 10.0 HIGH | N/A |
| newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin. | |||||
| CVE-2003-1541 | 1 Planetmoon | 1 Guestbook | 2025-04-03 | 5.0 MEDIUM | N/A |
| PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt. | |||||
| CVE-1999-0227 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. | |||||
| CVE-2002-2261 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 7.5 HIGH | N/A |
| Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname. | |||||
| CVE-2004-1193 | 1 Prevx | 1 Prevx Home | 2025-04-03 | 6.6 MEDIUM | N/A |
| Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable. | |||||
| CVE-2006-3344 | 1 Siemens | 1 Speedstream Wireless Router | 2025-04-03 | 7.5 HIGH | N/A |
| Siemens Speedstream Wireless Router 2624 allows local users to bypass authentication and access protected files by using the Universal Plug and Play UPnP/1.0 component. | |||||
| CVE-2002-2394 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 5.0 MEDIUM | N/A |
| InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding. | |||||
| CVE-2005-0970 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.6 HIGH | N/A |
| Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts. | |||||
| CVE-2004-2713 | 1 Zonelabs | 1 Zonealarm | 2025-04-03 | 1.9 LOW | N/A |
| Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file | |||||