Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1635 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails. | ||||
| CVE-2005-0569 | 1 Punbb | 1 Punbb | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php. | ||||
| CVE-2003-0135 | 1 Redhat | 1 Linux | 2025-04-03 | N/A |
| vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended. | ||||
| CVE-2005-4138 | 1 Thwboard | 1 Thwboard Beta | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php. | ||||
| CVE-2006-0901 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | N/A |
| Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code. | ||||
| CVE-2004-1652 | 1 Brickhost | 1 Phpscheduleit | 2025-04-03 | N/A |
| phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges. | ||||
| CVE-2004-1667 | 1 Gearbox Software | 1 Halo Combat Evolved | 2025-04-03 | N/A |
| Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response. | ||||
| CVE-2005-4142 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | N/A |
| The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability. | ||||
| CVE-2001-1162 | 3 Hp, Redhat, Samba | 3 Cifs-9000 Server, Linux, Samba | 2025-04-03 | N/A |
| Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file. | ||||
| CVE-2001-1163 | 1 Munica | 1 Netsql | 2025-04-03 | N/A |
| Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500. | ||||
| CVE-2002-0945 | 1 Seanox | 1 Devwex | 2025-04-03 | N/A |
| Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. | ||||
| CVE-2004-1676 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | N/A |
| Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message. | ||||
| CVE-2004-1678 | 1 Logicnow | 1 Perldesk | 2025-04-03 | N/A |
| Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs. | ||||
| CVE-2005-4155 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | N/A |
| registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor. | ||||
| CVE-2005-2208 | 1 Privashare | 1 Privashare | 2025-04-03 | N/A |
| PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message. | ||||
| CVE-2004-1697 | 1 Ca | 1 Unicenter Management | 2025-04-03 | N/A |
| The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames. | ||||
| CVE-2001-1165 | 1 Intego | 2 Diskguard, Fileguard | 2025-04-03 | N/A |
| Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool. | ||||
| CVE-2004-1704 | 1 Wire Plastic Design | 1 Wpquiz | 2025-04-03 | N/A |
| WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory. | ||||
| CVE-2003-0162 | 1 Ecartis | 1 Ecartis | 2025-04-03 | N/A |
| Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page. | ||||
| CVE-2004-1708 | 1 Shawn Webb | 1 Webbsyte Chat | 2025-04-03 | N/A |
| Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections. | ||||