Total: 29554 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2005-2943 | 1 Davide Libenzi | 1 Xmail | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option. |
CVE-2005-3345 | 1 Rssh | 1 Rssh | 2025-04-03 | 7.2 HIGH | N/A | rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory. |
CVE-2006-3535 | 1 Nullsoft | 1 Shoutcast Dsp | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534. |
CVE-2002-1731 | 1 Ibm | 1 Os 400 | 2025-04-03 | 2.1 LOW | N/A | The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF. |
CVE-2005-0570 | 1 Punbb | 1 Punbb | 2025-04-03 | 5.0 MEDIUM | N/A | profile.php in PunBB 1.2.1 allows remote attackers to cause a denial of service (account lockout) by setting the user's password to NULL. |
CVE-2006-0303 | 1 Joomla | 1 Joomla | 2025-04-03 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors. |
CVE-2005-0240 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message. |
CVE-2002-1126 | 2 Galeon, Mozilla | 2 Galeon Browser, Mozilla | 2025-04-03 | 2.6 LOW | N/A | Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler. |
CVE-2005-3809 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.8 HIGH | N/A | The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference. |
CVE-2005-2984 | 1 Data Center Resources | 1 Avocent | 2025-04-03 | 4.6 MEDIUM | N/A | Avocent CCM console server running firmware 2.1 CCM4850 allows remote authenticated attackers to bypass port restrictions by connecting to the server via SSH and using the connect command to access the serial port. |
CVE-2005-0187 | 1 Athoc | 1 Athoc Toolbar | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name. |
CVE-2005-1621 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php. |
CVE-2006-4788 | 1 Telekorn | 1 Signkorn Guestbook | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter. |
CVE-2002-1429 | 1 Endity.com | 1 Shoutbox | 2025-04-03 | 5.0 MEDIUM | N/A | Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter. |
CVE-1999-1235 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.6 MEDIUM | N/A | Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link. |
CVE-2002-2307 | 1 Pyramid | 1 Benhur Software Update | 2025-04-03 | 5.0 MEDIUM | N/A | The default configuration of BenHur Firewall release 3 update 066 fix 2 allows remote attackers to access arbitrary services by connecting from source port 20. |
CVE-1999-0911 | 1 Proftpd Project | 1 Proftpd | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. |
CVE-2003-1327 | 2 Linux, Washington University | 2 Linux Kernel, Wu-ftpd | 2025-04-03 | 9.3 HIGH | N/A | Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator. |
CVE-2005-0907 | 1 Valdersoft | 1 Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php. |
CVE-2005-4760 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.1 MEDIUM | N/A | BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected." |