Total
29554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1856 | 1 Sukria | 1 Backup Manager | 2025-04-03 | 2.1 LOW | N/A |
| The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack. | |||||
| CVE-2002-0800 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 5.0 MEDIUM | N/A |
| BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. | |||||
| CVE-2005-0998 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. | |||||
| CVE-2004-1323 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A |
| Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions. | |||||
| CVE-1999-0305 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections. | |||||
| CVE-2005-3336 | 1 Mantis | 1 Mantis | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2004-2133 | 1 Cvsup | 1 Cvsup | 2025-04-03 | 4.6 MEDIUM | N/A |
| Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages. | |||||
| CVE-2006-2527 | 1 Smartisoft | 1 Phpbazar | 2025-04-03 | 7.5 HIGH | N/A |
| Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1. | |||||
| CVE-2006-3393 | 1 Electronic Arts | 1 Nascar Racing | 2025-04-03 | 7.8 HIGH | N/A |
| Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket. | |||||
| CVE-2004-1827 | 2 Simple Machines, Yabb | 2 Simple Machines Smf, Yabb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. | |||||
| CVE-2003-0438 | 1 Yuuichi Teranishi | 1 Eldav | 2025-04-03 | 1.2 LOW | N/A |
| eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2003-0986 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | 1.7 LOW | N/A |
| Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service. | |||||
| CVE-2002-1107 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 7.5 HIGH | N/A |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. | |||||
| CVE-1999-0115 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
| AIX bugfiler program allows local users to gain root access. | |||||
| CVE-2005-4366 | 1 Fad Solutions | 1 Drzes Hms | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137. | |||||
| CVE-2006-0803 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used. | |||||
| CVE-2002-0993 | 1 Hp | 1 Instant Support | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files. | |||||
| CVE-2005-4014 | 1 Php Web | 1 Statistik | 2025-04-03 | 7.8 HIGH | N/A |
| stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value. | |||||
| CVE-2002-0145 | 1 Scott Parish | 1 Chuid | 2025-04-03 | 7.5 HIGH | N/A |
| chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which allows remote attackers to change files owned by other users, such as root. | |||||
| CVE-2004-2289 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
| Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file. | |||||