Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1134 | 7 Caldera, Conectiva, Hp and 4 more | 9 Openlinux, Openlinux Edesktop, Openlinux Eserver and 6 more | 2017-10-18 | 7.2 HIGH | N/A |
| Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack. | |||||
| CVE-1999-1572 | 5 Debian, Freebsd, Mandrakesoft and 2 more | 6 Debian Linux, Freebsd, Mandrake Linux and 3 more | 2017-10-18 | 2.1 LOW | N/A |
| cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. | |||||
| CVE-1999-1573 | 1 Hp | 1 Hp-ux | 2017-10-18 | 10.0 HIGH | N/A |
| Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files. | |||||
| CVE-1999-0562 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2017-10-18 | 7.5 HIGH | N/A |
| The registry in Windows NT can be accessed remotely by users who are not administrators. | |||||
| CVE-2006-1596 | 1 Claroline | 1 Claroline | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter. | |||||
| CVE-2006-2570 | 1 Calogic | 1 Calogic Calendars | 2017-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue. | |||||
| CVE-2005-1667 | 1 Datatrac | 1 Activity Console | 2017-10-18 | 5.0 MEDIUM | N/A |
| DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request. | |||||
| CVE-2005-1598 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. | |||||
| CVE-2005-4218 | 1 Phpwebthings | 1 Phpwebthings | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585. | |||||
| CVE-2005-4411 | 1 David Harris | 1 Mercury Mail Transport System | 2017-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105. | |||||
| CVE-2005-2327 | 1 E107 | 1 E107 | 2017-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. | |||||
| CVE-2005-4533 | 1 Scponly | 1 Scponly | 2017-10-11 | 7.5 HIGH | N/A |
| Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered. | |||||
| CVE-2006-2440 | 1 Imagemagick | 1 Imagemagick | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function. | |||||
| CVE-2002-2138 | 1 Hp | 2 Advanced Server 9000, Hp-ux | 2017-10-11 | 5.0 MEDIUM | N/A |
| RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139. | |||||
| CVE-2004-0539 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-10-11 | 10.0 HIGH | N/A |
| The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code. | |||||
| CVE-2001-1564 | 1 Hp | 1 Hp-ux | 2017-10-11 | 2.1 LOW | N/A |
| setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space. | |||||
| CVE-2004-0538 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-10-11 | 7.5 HIGH | N/A |
| LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user. | |||||
| CVE-2005-0708 | 2 Dragonflybsd, Freebsd | 2 Dragonflybsd, Freebsd | 2017-10-11 | 10.0 HIGH | N/A |
| The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2007-3430 | 1 Simple Invoices | 1 Simple Invoices | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action. | |||||
| CVE-2007-3452 | 1 Edocstore | 1 Edocstore | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action. | |||||