Total
28764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2364 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference. | |||||
| CVE-2006-6084 | 1 Unverse.net | 1 Abitwhizzy | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-1381 | 1 Trend Micro | 1 Officescan | 2024-02-14 | 10.0 HIGH | N/A |
| Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe. | |||||
| CVE-2005-1910 | 1 Wwweb Concepts | 1 Events System | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for WWWeb Concepts Events System 1.0 allows remote attackers to execute arbitrary SQL commands via the password. | |||||
| CVE-2001-0479 | 1 Phppgadmin | 1 Phppgadmin | 2024-02-14 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. | |||||
| CVE-2003-0937 | 1 Sco | 2 Open Unix, Unixware | 2024-02-14 | 4.6 MEDIUM | N/A |
| SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the "as" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user. | |||||
| CVE-2006-0370 | 1 Noah Medling | 1 Rcblog | 2024-02-14 | 5.0 MEDIUM | N/A |
| Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes. | |||||
| CVE-2002-1477 | 1 The Cacti Group | 1 Cacti | 2024-02-14 | 7.5 HIGH | N/A |
| graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode. | |||||
| CVE-2005-3184 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 10.0 HIGH | N/A |
| Buffer overflow vulnerability in the unicode_to_bytes in the Service Location Protocol (srvloc) dissector (packet-srvloc.c) in Ethereal allows remote attackers to execute arbitrary code via a srvloc packet with a modified length value. | |||||
| CVE-2005-0705 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enabled. allows remote attackers to cause a denial of service (application crash). | |||||
| CVE-2005-1456 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (abort). | |||||
| CVE-2007-3163 | 1 Frederico Caldeira Knabben | 1 Fckeditor | 2024-02-14 | 5.0 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658. | |||||
| CVE-2006-4664 | 1 Premod Shadow | 1 Premod Shadow | 2024-02-14 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2004-2487 | 1 Nexgen | 1 Nexgen Ftp Server | 2024-02-14 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) "..", (2) "\..\" (backslash dot dot), or (3) "/../" sequences in (a) RETR (get), (b) NLST (ls), (c) LIST (ls), (d) RNFR, or (e) RNTO FTP commands. | |||||
| CVE-2006-1253 | 1 Glftpd | 1 Glftpd | 2024-02-14 | 7.5 HIGH | N/A |
| Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address. | |||||
| CVE-2004-0507 | 2 Ethereal Group, Sgi | 2 Ethereal, Propack | 2024-02-14 | 10.0 HIGH | N/A |
| Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2004-1141 | 1 Ethereal Group | 1 Ethereal | 2024-02-14 | 5.0 MEDIUM | N/A |
| The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory. | |||||
| CVE-2005-1906 | 1 Livingmailing | 1 Livingmailing | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in livingmailing 1.3 allows remote attackers to execute arbitrary SQL commands via the password. NOTE: there is little public information about this product and its vendor, and the original researcher announcement is no longer available. | |||||
| CVE-2005-0832 | 1 Php-post | 1 Php-post Web Forum | 2024-02-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2006-3527 | 1 Bosdev | 1 Bosclassifieds Classified Ads | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BosClassifieds Classified Ads allow remote attackers to execute arbitrary PHP code via a URL in the insPath parameter to (1) index.php, (2) recent.php, (3) account.php, (4) classified.php, or (5) search.php. | |||||