Total
29798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1545 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
| Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing. | ||||
| CVE-2003-0097 | 1 Php | 1 Php | 2025-04-03 | N/A |
| Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect). | ||||
| CVE-2004-0941 | 3 Gd Graphics Library, Redhat, Trustix | 3 Gdlib, Enterprise Linux, Secure Linux | 2025-04-03 | N/A |
| Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990. | ||||
| CVE-2004-0908 | 2 Mozilla, Redhat | 3 Mozilla, Thunderbird, Enterprise Linux | 2025-04-03 | N/A |
| Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins. | ||||
| CVE-2002-0204 | 1 Gnu | 1 Chess | 2025-04-03 | N/A |
| Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command. | ||||
| CVE-2002-0455 | 1 Incredimail | 1 Incredimail | 2025-04-03 | N/A |
| IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. | ||||
| CVE-2006-2839 | 1 Webwork | 1 Webwork | 2025-04-03 | N/A |
| Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory. | ||||
| CVE-2002-0466 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | N/A |
| Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp. | ||||
| CVE-2002-0470 | 1 Phpnettoolpack | 1 Phpnettoolpack | 2025-04-03 | N/A |
| PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path. | ||||
| CVE-2004-0902 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2025-04-03 | N/A |
| Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. | ||||
| CVE-2002-0480 | 1 Iss | 1 Realsecure Nokia | 2025-04-03 | N/A |
| ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation. | ||||
| CVE-1999-0593 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | N/A |
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. | ||||
| CVE-2002-0490 | 1 Instant Web Mail | 1 Instant Web Mail | 2025-04-03 | N/A |
| Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php. | ||||
| CVE-2005-4510 | 1 Extensis | 1 Netpublish Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter. | ||||
| CVE-1999-0591 | 2025-04-03 | N/A | ||
| An event log in Windows NT has inappropriate access permissions. | ||||
| CVE-1999-0588 | 2025-04-03 | N/A | ||
| A filter in a router or firewall allows unusual fragmented packets. | ||||
| CVE-2005-4618 | 1 Linux | 1 Linux Kernel | 2025-04-03 | N/A |
| Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified. | ||||
| CVE-2005-4509 | 1 Parallel Tools Consortium | 1 Ptools | 2025-04-03 | N/A |
| SQL injection vulnerability in index.asp in pTools allows remote attackers to execute arbitrary SQL commands via the docID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2002-0508 | 1 Wwwisis | 1 Wwwisis | 2025-04-03 | N/A |
| wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog. | ||||
| CVE-2002-0509 | 1 Oracle | 1 Oracle9i | 2025-04-03 | N/A |
| Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521. | ||||