Total
5483 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2929 | 2 Redhat, University Of Kansas | 2 Enterprise Linux, Lynx | 2025-04-03 | N/A |
| Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments. | ||||
| CVE-2005-4855 | 1 Ez | 1 Ez Publish | 2025-04-03 | N/A |
| Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks. | ||||
| CVE-2002-2360 | 1 Webmin | 1 Webmin | 2025-04-03 | N/A |
| The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests. | ||||
| CVE-2006-3084 | 2 Heimdal, Mit | 2 Heimdal, Kerberos 5 | 2025-04-03 | N/A |
| The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues. | ||||
| CVE-2006-0114 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
| The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php. | ||||
| CVE-2002-2361 | 1 Yahoo | 1 Messenger | 2025-04-03 | N/A |
| The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing. | ||||
| CVE-2006-3443 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | N/A |
| Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability." | ||||
| CVE-2006-2373 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Xp | 2025-04-03 | N/A |
| The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability." | ||||
| CVE-2005-1425 | 1 Uapplication | 1 Uguestbook | 2025-04-03 | N/A |
| Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb. | ||||
| CVE-2002-2353 | 1 Tftpd32 | 1 Tftpd32 | 2025-04-03 | N/A |
| tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests. | ||||
| CVE-2005-4853 | 1 Ez | 1 Ez Publish | 2025-04-03 | N/A |
| The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings. | ||||
| CVE-1999-0496 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | N/A |
| A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. | ||||
| CVE-1999-0344 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | N/A |
| NT users can gain debug-level access on a system process using the Sechole exploit. | ||||
| CVE-2006-4476 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. | ||||
| CVE-2005-2072 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | N/A |
| The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. | ||||
| CVE-2006-1888 | 1 Phpgraphy | 1 Phpgraphy | 2025-04-03 | N/A |
| phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages. | ||||
| CVE-2005-2555 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. | ||||
| CVE-2004-0793 | 1 Debian | 1 Bsdmainutils | 2025-04-03 | N/A |
| The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file. | ||||
| CVE-2006-1119 | 2 Cpanel, Netenberg | 2 Cpanel, Fantastico De Luxe | 2025-04-03 | N/A |
| fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message. | ||||
| CVE-2021-36879 | 1 Stylemixthemes | 1 Ulisting | 2025-03-28 | 9.8 Critical |
| Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. | ||||