Total
29539 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0480 | 1 Iss | 1 Realsecure Nokia | 2025-04-03 | 10.0 HIGH | N/A |
ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation. | |||||
CVE-2005-0231 | 1 Mozilla | 1 Firefox | 2025-04-03 | 2.6 LOW | N/A |
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing." | |||||
CVE-2004-1384 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php. | |||||
CVE-1999-0595 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. | |||||
CVE-1999-0525 | | | 2025-04-03 | N/A | N/A |
IP traceroute is allowed from arbitrary hosts. | |||||
CVE-2005-3101 | 1 Six Apart | 1 Movable Type | 2025-04-03 | 5.0 MEDIUM | N/A |
The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | |||||
CVE-2004-2187 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 5.0 MEDIUM | N/A |
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors. | |||||
CVE-1999-0135 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
admintool in Solaris allows a local user to write to arbitrary files and gain root access. | |||||
CVE-2005-1107 | 1 Mcafee | 1 Internet Security Suite | 2025-04-03 | 7.2 HIGH | N/A |
McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files. | |||||
CVE-2005-1181 | 1 Ariadne | 1 Ariadne Cms | 2025-04-03 | 7.5 HIGH | N/A |
NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the "ariadne.inc" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005. | |||||
CVE-2005-4668 | 1 Parosproxy | 1 Parosproxy | 2025-04-03 | 4.6 MEDIUM | N/A |
The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary commands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845. | |||||
CVE-2006-4923 | 1 Esyndicat Portal System | 1 Esyndicat Portal System | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter. | |||||
CVE-2004-0358 | 1 Virtuasystems | 1 Virtuanews Pro | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php. | |||||
CVE-2003-0938 | 1 Sap | 1 Sap Db | 2025-04-03 | 7.2 HIGH | N/A |
vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure. | |||||
CVE-2005-3913 | 1 Vchs | 1 Vchs | 2025-04-03 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the domain alias management in Virtual Hosting Control System (VHCS) 2.4.6.2, related to "creating and deleting forwards for domain aliases," allows users to hijack the forwardings of other users. | |||||
CVE-2001-1006 | 1 Starfish | 1 Truesync Desktop | 2025-04-03 | 5.0 MEDIUM | N/A |
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application. | |||||
CVE-1999-0635 | | | 2025-04-03 | N/A | N/A |
The echo service is running. | |||||
CVE-2002-1079 | 1 Aprelium Technologies | 1 Abyss Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request. | |||||
CVE-2006-0474 | 1 Shareaza | 1 Shareaza | 2025-04-03 | 7.5 HIGH | N/A |
Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h. | |||||
CVE-2006-1178 | 1 Tamarack Consulting | 1 Tamarack Mmsd | 2025-04-03 | 5.0 MEDIUM | N/A |
Tamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets. |