Total
315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2247 | 1 Mambo | 1 Mambo Site Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2003-1426 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 3.3 LOW | N/A |
| Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable. | |||||
| CVE-2002-2331 | 1 Cascadesoft | 1 W3mail | 2025-04-03 | 5.8 MEDIUM | N/A |
| W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments. | |||||
| CVE-1999-0725 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 7.1 HIGH | N/A |
| When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". | |||||
| CVE-1999-0766 | 1 Microsoft | 2 Internet Explorer, Java Virtual Machine | 2025-04-03 | 9.3 HIGH | N/A |
| The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment. | |||||
| CVE-2004-2687 | 2 Apple, Samba | 2 Xcode, Samba | 2025-04-03 | 9.3 HIGH | N/A |
| distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. | |||||
| CVE-1999-0886 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 9.0 HIGH | N/A |
| The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager. | |||||
| CVE-2003-1457 | 1 Auerswald | 1 Comsuite Cti Controlcenter | 2025-04-03 | 4.6 MEDIUM | N/A |
| Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. | |||||
| CVE-2003-1449 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2025-04-03 | 7.5 HIGH | N/A |
| Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection. | |||||
| CVE-2004-2692 | 1 Kyberdigi Labs | 1 Php-exec-dir | 2025-04-03 | 9.3 HIGH | N/A |
| The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function. | |||||
| CVE-1999-0656 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
| The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. | |||||
| CVE-2002-2234 | 1 Netscreen | 1 Screenos | 2025-04-03 | 4.3 MEDIUM | N/A |
| NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the Malicious-URL blocking feature by splitting the URL into fragmented IP requests. | |||||
| CVE-1999-0858 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server. | |||||
| CVE-2003-1352 | 1 Gabber | 1 Gabber | 2025-04-03 | 5.0 MEDIUM | N/A |
| Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing. | |||||
| CVE-2002-2280 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 2.1 LOW | N/A |
| syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server. | |||||
| CVE-2003-1357 | 2 Microsoft, Replicom | 2 Windows Nt, Proxyview | 2025-04-03 | 10.0 HIGH | N/A |
| ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. | |||||
| CVE-2002-2373 | 1 Apple | 2 Apple Laserwriter, Tcp Ip Configuration Utility | 2025-04-03 | 7.5 HIGH | N/A |
| The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access. | |||||
| CVE-2005-4837 | 2 Net-snmp, Sourceforge | 2 Net-snmp, Net-snmp | 2025-04-03 | 10.0 HIGH | N/A |
| snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. | |||||
| CVE-2024-42031 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-19 | N/A | 7.5 HIGH |
| Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-33105 | 1 Qualcomm | 298 Ar8035, Ar8035 Firmware, Ar9380 and 295 more | 2025-01-10 | N/A | 7.5 HIGH |
| Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number. | |||||