Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2576 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files. | ||||
| CVE-2004-2578 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords. | ||||
| CVE-2004-2580 | 1 Novell | 1 Ichain | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors. | ||||
| CVE-2004-1579 | 1 Devellion | 1 Cubecart | 2025-04-03 | N/A |
| index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message. | ||||
| CVE-2004-2658 | 1 Suse | 1 Suse Linux | 2025-04-03 | N/A |
| resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types. | ||||
| CVE-2005-2683 | 1 Phpkit | 1 Phpkit | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php. | ||||
| CVE-2005-0014 | 1 Ncpfs | 1 Ncpfs | 2025-04-03 | N/A |
| Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client. | ||||
| CVE-2005-2514 | 1 Apple | 1 Mac Os X | 2025-04-03 | N/A |
| Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code. | ||||
| CVE-2005-0013 | 2 Ncpfs, Redhat | 2 Ncpfs, Enterprise Linux | 2025-04-03 | N/A |
| nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges. | ||||
| CVE-2005-0010 | 2 Ethereal Group, Redhat | 2 Ethereal, Enterprise Linux | 2025-04-03 | N/A |
| Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attackers to cause a denial of service by triggering a free of statically allocated memory. | ||||
| CVE-2005-0011 | 1 Kde | 1 Kde | 2025-04-03 | N/A |
| Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows. | ||||
| CVE-2005-0012 | 1 Dillo | 1 Dillo Web Browser | 2025-04-03 | N/A |
| Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page. | ||||
| CVE-2005-0051 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | N/A |
| The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability." | ||||
| CVE-2005-0054 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability." | ||||
| CVE-2004-1578 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header. | ||||
| CVE-2005-0104 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables. | ||||
| CVE-2005-0106 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-03 | N/A |
| SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file. | ||||
| CVE-2005-0152 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation." | ||||
| CVE-2005-0158 | 1 Bidwatcher | 1 Bidwatcher | 2025-04-03 | N/A |
| Format string vulnerability in bidwatcher before 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via certain responses. | ||||
| CVE-2005-0187 | 1 Athoc | 1 Athoc Toolbar | 2025-04-03 | N/A |
| Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name. | ||||