Total
5457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2693 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
| HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/. | |||||
| CVE-2006-0859 | 1 Michael Salzer | 1 Guestbox | 2025-04-03 | 5.0 MEDIUM | N/A |
| Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter. | |||||
| CVE-2006-3733 | 1 Cisco | 1 Security Monitoring Analysis And Response System | 2025-04-03 | 7.5 HIGH | N/A |
| jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name. | |||||
| CVE-2002-1590 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service. | |||||
| CVE-2005-2936 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file. | |||||
| CVE-2006-3561 | 1 Bt | 1 Voyager 2091 Wireless Adsl Router | 2025-04-03 | 5.0 MEDIUM | N/A |
| BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c. | |||||
| CVE-2004-2689 | 1 Newsphp | 1 Newsphp | 2025-04-03 | 10.0 HIGH | N/A |
| NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value. | |||||
| CVE-2006-1733 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2025-04-03 | 6.8 MEDIUM | N/A |
| Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain." | |||||
| CVE-2006-3815 | 1 Linux-ha | 1 Heartbeat | 2025-04-03 | 2.1 LOW | N/A |
| heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup. | |||||
| CVE-2006-4475 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
| Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. | |||||
| CVE-2004-2699 | 1 Aspdotnetstorefront | 1 Aspdotnetstorefront | 2025-04-03 | 4.3 MEDIUM | N/A |
| deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter. | |||||
| CVE-2003-0497 | 1 Intersystems | 1 Cache Database | 2025-04-03 | 7.2 HIGH | N/A |
| Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs. | |||||
| CVE-2002-2302 | 1 3d3.com | 1 Shopfactory | 2025-04-03 | 6.4 MEDIUM | N/A |
| 3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field. | |||||
| CVE-2004-2730 | 1 Microsoft | 11 Psexec, Psgetsid, Psinfo and 8 more | 2025-04-03 | 4.6 MEDIUM | N/A |
| Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping. | |||||
| CVE-1999-0909 | 1 Microsoft | 4 Terminal Server, Windows 95, Windows 98se and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability. | |||||
| CVE-2006-1380 | 1 Trendmicro | 1 Interscan Messaging Security Suite | 2025-04-03 | 7.2 HIGH | N/A |
| ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying ISNTSysMonitor.exe. | |||||
| CVE-2002-2283 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 1.9 LOW | N/A |
| Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users. | |||||
| CVE-2002-2334 | 1 Joseph Allen | 1 Joe | 2025-04-03 | 3.6 LOW | N/A |
| Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users. | |||||
| CVE-2005-2454 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 4.6 MEDIUM | N/A |
| IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder. | |||||
| CVE-2005-4855 | 1 Ez | 1 Ez Publish | 2025-04-03 | 3.5 LOW | N/A |
| Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks. | |||||