Total: 29099 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-33198 | 1 Oxilab | 1 Accordions | 2024-09-17 | 9.8 Critical |
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | ||||
CVE-2020-8968 | 1 Parallels | 1 Remote Application Server | 2024-09-17 | 7.1 High |
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password. | ||||
CVE-2012-6471 | 1 Opera | 1 Opera Browser | 2024-09-17 | N/A |
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests. | ||||
CVE-2005-1691 | 1 Sap | 1 Sap R 3 | 2024-09-17 | N/A |
Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request. | ||||
CVE-2005-2859 | 1 Savant | 1 Savant Webserver | 2024-09-17 | N/A |
Savant Web Server stores user credentials in plaintext in the Savant\Users registry key, which allows local users to gain privileges. | ||||
CVE-2002-1931 | 1 Php Arena | 1 Pafiledb | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string. | ||||
CVE-2022-1667 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2024-09-17 | 7.5 High |
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser-accessible PHP script. | ||||
CVE-2012-5380 | 1 Ruby-lang | 1 Ruby | 2024-09-17 | 6.7 Medium |
Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation. | ||||
CVE-2005-2134 | 1 Netbsd | 1 Netbsd | 2024-09-17 | N/A |
The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error. | ||||
CVE-2002-2205 | 1 Webresolve | 1 Webresolve | 2024-09-17 | N/A |
Buffer overflow in Webresolve 0.1.0 and earlier allows remote attackers to execute arbitrary code by connecting to the server from an IP address that resolves to a long hostname. | ||||
CVE-2002-1583 | 1 Ibm | 1 Db2 Universal Database | 2024-09-17 | N/A |
Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument. | ||||
CVE-2006-5569 | 1 Datawizard | 1 Ftpxq | 2024-09-17 | N/A |
FtpXQ Server 3.0.1 installs with two default testing accounts, which allows remote attackers to read or write arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
CVE-2006-1656 | 1 Vserver | 1 Util-vserver | 2024-09-17 | N/A |
vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root. | ||||
CVE-2003-1246 | 1 Pedestal Software | 1 Integrity Protection Driver | 2024-09-17 | N/A |
NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command. | ||||
CVE-2020-9668 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2024-09-17 | 7.8 High |
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user. | ||||
CVE-2002-1784 | 1 Hp | 1 Tru64 | 2024-09-17 | N/A |
Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a allows remote attackers to cause a denial of service via unknown attack vectors. | ||||
CVE-2009-2165 | 1 Serendipitynz | 1 Serene Bach | 2024-09-17 | N/A |
SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | ||||
CVE-2003-0732 | 1 Cisco | 4 Ciscoworks Cd1, Ciscoworks Common Management Foundation, Resource Manager and 1 more | 2024-09-17 | N/A |
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages. | ||||
CVE-2006-7009 | 1 Joomla | 1 Joomla | 2024-09-17 | N/A |
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. | ||||
CVE-2005-1781 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2024-09-17 | N/A |
Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash). | ||||