Total
5251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1174 | 1 Debian | 1 Shadow | 2025-04-03 | 3.7 LOW | N/A |
| useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. | |||||
| CVE-2006-4640 | 1 Adobe | 1 Flash Player | 2025-04-03 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. | |||||
| CVE-2002-2324 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 7.2 HIGH | N/A |
| The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings. | |||||
| CVE-2000-0844 | 13 Caldera, Conectiva, Debian and 10 more | 16 Openlinux, Openlinux Ebuilder, Openlinux Eserver and 13 more | 2025-04-03 | 10.0 HIGH | N/A |
| Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. | |||||
| CVE-2005-2741 | 2 Apple, Perry Kiehtreiber | 3 Mac Os X, Mac Os X Server, Securityd | 2025-04-03 | 7.2 HIGH | N/A |
| Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. | |||||
| CVE-2006-0008 | 1 Microsoft | 3 Office, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.2 HIGH | N/A |
| The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. | |||||
| CVE-2004-2692 | 1 Kyberdigi Labs | 1 Php-exec-dir | 2025-04-03 | 9.3 HIGH | N/A |
| The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function. | |||||
| CVE-2006-2918 | 1 Lanap Botdetect | 1 Captcha Asp.net | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number." | |||||
| CVE-2006-2353 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
| NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. | |||||
| CVE-2002-2270 | 1 Hp | 1 Hp-ux | 2025-04-03 | 3.6 LOW | N/A |
| Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view "normally invisible data" via unknown attack vectors. | |||||
| CVE-2002-2360 | 1 Webmin | 1 Webmin | 2025-04-03 | 9.3 HIGH | N/A |
| The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests. | |||||
| CVE-2005-3257 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
| The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys. | |||||
| CVE-2005-2071 | 1 Sun | 1 Solaris | 2025-04-03 | 4.6 MEDIUM | N/A |
| traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot). | |||||
| CVE-2006-3443 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability." | |||||
| CVE-2002-2395 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 5.0 MEDIUM | N/A |
| InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding. | |||||
| CVE-2002-2334 | 1 Joseph Allen | 1 Joe | 2025-04-03 | 3.6 LOW | N/A |
| Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users. | |||||
| CVE-2003-1460 | 1 Ralf Hoffmann | 1 Worker Filemanager | 2025-04-03 | 3.6 LOW | N/A |
| Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information. | |||||
| CVE-2004-2733 | 1 Webwiz | 1 Web Wiz Forums | 2025-04-03 | 5.8 MEDIUM | N/A |
| Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp. | |||||
| CVE-2006-0525 | 1 Adobe | 9 Acrobat, Acrobat Reader, Creative Suite and 6 more | 2025-04-03 | 4.6 MEDIUM | N/A |
| Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs. | |||||
| CVE-2004-2608 | 1 Smartwebby | 1 Smart Guest Book | 2025-04-03 | 5.0 MEDIUM | N/A |
| SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account. | |||||