Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2932 1 Checkpoint 2 Zonealarm, Zonealarm Security Suite 2025-04-03 N/A
Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls.
CVE-2006-2530 1 Snitz Communications 2 Avatar Mod, Snitz Forums 2000 2025-04-03 N/A
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.
CVE-2006-3443 1 Microsoft 1 Windows 2000 2025-04-03 N/A
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
CVE-2005-2959 1 Todd Miller 1 Sudo 2025-04-03 N/A
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
CVE-2002-0013 2 Redhat, Snmp 3 Linux, Powertools, Snmp 2025-04-03 N/A
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
CVE-2002-0012 2 Redhat, Snmp 3 Linux, Powertools, Snmp 2025-04-03 N/A
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
CVE-2005-0970 1 Apple 1 Mac Os X 2025-04-03 N/A
Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts.
CVE-2006-1725 1 Mozilla 2 Firefox, Seamonkey 2025-04-03 N/A
Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code.
CVE-2006-3697 3 Agnitum, Lavasoft, Novell 3 Outpost Firewall, Lavasoft Personal Firewall, Client Firewall 2025-04-03 N/A
Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.
CVE-2003-1460 1 Ralf Hoffmann 1 Worker Filemanager 2025-04-03 N/A
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.
CVE-2004-0867 4 Kde, Microsoft, Mozilla and 1 more 5 Konqueror, Ie, Internet Explorer and 2 more 2025-04-03 N/A
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
CVE-2005-3273 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-03 N/A
The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats.
CVE-2002-2425 1 Sun 1 Solaris Answerbook2 2025-04-03 N/A
Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.
CVE-2006-2353 1 Ipswitch 1 Whatsup Professional 2025-04-03 N/A
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters.
CVE-2003-1474 1 Freebsd 1 Slashem-tty 2025-04-03 N/A
slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.
CVE-2003-1495 1 Hp 3 Insight Management Suite, Insight Manager, Remote Diagnostics Enabling Agent 2025-04-03 N/A
Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.
CVE-2003-1423 4 Linux, Microsoft, Petitforum and 1 more 4 Linux Kernel, All Windows, Petitforum and 1 more 2025-04-03 N/A
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
CVE-2006-4136 1 Ibm 1 Websphere Application Server 2025-04-03 N/A
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.
CVE-2004-2743 1 Raditha Dissanayake 1 Mega Upload Progress Bar 2025-04-03 N/A
upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files.
CVE-2004-2699 1 Aspdotnetstorefront 1 Aspdotnetstorefront 2025-04-03 N/A
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.