Total
5468 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-2353 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | N/A |
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. | ||||
CVE-2004-2699 | 1 Aspdotnetstorefront | 1 Aspdotnetstorefront | 2025-04-03 | N/A |
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter. | ||||
CVE-2002-2324 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | N/A |
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings. | ||||
CVE-2004-2689 | 1 Newsphp | 1 Newsphp | 2025-04-03 | N/A |
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value. | ||||
CVE-2004-2729 | 1 Hummingbird | 1 Connectivity | 2025-04-03 | N/A |
Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections. | ||||
CVE-2004-2739 | 1 Phprojekt | 1 Phprojekt | 2025-04-03 | N/A |
The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors. | ||||
CVE-2005-0139 | 1 Sgi | 1 Irix | 2025-04-03 | N/A |
Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not sufficiently restrict access rights for read-mostly exports, which allows attackers to conduct unauthorized activities. | ||||
CVE-2006-0527 | 1 Isc | 1 Bind | 2025-04-03 | N/A |
BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack. | ||||
CVE-2003-1383 | 1 Logicworks | 1 Web Erp | 2025-04-03 | N/A |
WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password. | ||||
CVE-2005-2741 | 2 Apple, Perry Kiehtreiber | 3 Mac Os X, Mac Os X Server, Securityd | 2025-04-03 | N/A |
Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. | ||||
CVE-2005-4871 | 1 Ibm | 1 Db2 | 2025-04-03 | N/A |
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. | ||||
CVE-2004-2608 | 1 Smartwebby | 1 Smart Guest Book | 2025-04-03 | N/A |
SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account. | ||||
CVE-2004-2743 | 1 Raditha Dissanayake | 1 Mega Upload Progress Bar | 2025-04-03 | N/A |
upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files. | ||||
CVE-2005-2938 | 1 Apple | 1 Itunes | 2025-04-03 | N/A |
Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. | ||||
CVE-2005-2959 | 1 Todd Miller | 1 Sudo | 2025-04-03 | N/A |
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are. | ||||
CVE-2003-0857 | 1 Redhat | 1 Enterprise Linux | 2025-04-03 | N/A |
The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | ||||
CVE-2005-0244 | 2 Postgresql, Redhat | 2 Postgresql, Enterprise Linux | 2025-04-03 | N/A |
PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command. | ||||
CVE-2006-1888 | 1 Phpgraphy | 1 Phpgraphy | 2025-04-03 | N/A |
phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages. | ||||
CVE-2006-4136 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | N/A |
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others. | ||||
CVE-2005-1532 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2025-04-03 | N/A |
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160. |