Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29549 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0823 2 Apple, Openldap 3 Mac Os X, Mac Os X Server, Openldap 2025-04-03 7.5 HIGH N/A
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
CVE-2004-2647 1 Reid Garner 1 Free Web Chat 2025-04-03 5.0 MEDIUM N/A
Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user.
CVE-2002-0250 1 Hp 7 Advancestack 10base-t Switching Hub J3200a, Advancestack 10base-t Switching Hub J3201a, Advancestack 10base-t Switching Hub J3202a and 4 more 2025-04-03 7.5 HIGH N/A
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
CVE-2000-1115 1 Software602 1 602pro Lan Suite 2025-04-03 7.5 HIGH N/A
Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
CVE-2005-4609 1 Incogen 1 Bugport 2025-04-03 5.0 MEDIUM N/A
index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an invalid action parameter.
CVE-2001-0339 1 Microsoft 1 Internet Explorer 2025-04-03 7.5 HIGH N/A
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."
CVE-2002-1683 1 Working Resources Inc. 1 Badblue 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function.
CVE-2006-1070 1 Dvguestbook 1 Dvguestbook 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
CVE-2001-1419 2 Aol, Cerulean Studios 2 Instant Messenger, Trillian 2025-04-03 5.0 MEDIUM N/A
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
CVE-2002-1749 1 Microsoft 1 Windows 2000 2025-04-03 7.2 HIGH N/A
Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges.
CVE-2006-2787 1 Mozilla 2 Firefox, Thunderbird 2025-04-03 9.3 HIGH N/A
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.
CVE-2006-1343 1 Linux 1 Linux Kernel 2025-04-03 2.1 LOW N/A
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.
CVE-2003-1246 1 Pedestal Software 1 Integrity Protection Driver 2025-04-03 2.1 LOW N/A
NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.
CVE-2005-3691 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2025-04-03 5.0 MEDIUM N/A
Directory traversal vulnerability in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to create or rename arbitrary mail directories via the mailbox name argument of the (1) create or (2) rename commands.
CVE-2005-3687 1 Whm Autopilot 1 Whm Autopilot 2025-04-03 5.0 MEDIUM N/A
cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter.
CVE-2006-3971 1 Scott Weedon 1 Ajax Chat 2025-04-03 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
CVE-2002-1659 1 Iatek 1 Portalapp 2025-04-03 10.0 HIGH N/A
user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable.
CVE-2000-0327 1 Microsoft 1 Virtual Machine 2025-04-03 7.6 HIGH N/A
Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.
CVE-2000-0153 1 Microsoft 2 Frontpage, Personal Web Server 2025-04-03 5.0 MEDIUM N/A
FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack.
CVE-2005-3019 1 Jelsoft 1 Vbulletin 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php.