Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1094 | 1 Crosstec Corporation | 1 Netop School | 2025-04-03 | 4.6 MEDIUM | N/A |
| NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version. | |||||
| CVE-2005-3060 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2001-0238 | 1 Microsoft | 6 Windows 2000, Windows 95, Windows 98 and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. | |||||
| CVE-2006-1988 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
| The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE. | |||||
| CVE-2006-0893 | 1 Nocc | 1 Nocc | 2025-04-03 | 5.0 MEDIUM | N/A |
| NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments. | |||||
| CVE-2002-1469 | 1 Scponly | 1 Scponly | 2025-04-03 | 7.5 HIGH | N/A |
| scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs. | |||||
| CVE-2000-0908 | 1 Netcplus | 1 Browsegate | 2025-04-03 | 5.0 MEDIUM | N/A |
| BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request. | |||||
| CVE-2005-3794 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
| AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts. | |||||
| CVE-2005-2237 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2001-0966 | 1 Nudester.org | 1 Nudester | 2025-04-03 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command. | |||||
| CVE-2001-0516 | 1 Oracle | 2 Oracle8i, Oracle9i | 2025-04-03 | 5.0 MEDIUM | N/A |
| Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data. | |||||
| CVE-1999-0399 | 1 Khaled Mardam-bey | 1 Mirc | 2025-04-03 | 7.5 HIGH | N/A |
| The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands. | |||||
| CVE-2006-1680 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-03 | 2.6 LOW | N/A |
| Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php. | |||||
| CVE-2005-0878 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message). | |||||
| CVE-2001-0128 | 6 Conectiva, Debian, Freebsd and 3 more | 7 Linux, Debian Linux, Freebsd and 4 more | 2025-04-03 | 7.2 HIGH | N/A |
| Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. | |||||
| CVE-2006-1209 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
| PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file. | |||||
| CVE-2006-0405 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 5.0 MEDIUM | N/A |
| The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function. | |||||
| CVE-2005-4458 | 1 Metadot | 1 Metadot Portal Server | 2025-04-03 | 9.0 HIGH | N/A |
| Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group. | |||||
| CVE-2003-0941 | 1 Sap | 1 Sap Db | 2025-04-03 | 7.5 HIGH | N/A |
| web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa. | |||||
| CVE-2006-4104 | 1 Mojoscripts | 1 Mojogallery | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via "password input." | |||||