Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0640 1 Orbicule 1 Undercover 2025-04-03 N/A
Orbicule Undercover allows attackers with physical or root access to disable the protection by using the chmod command to change the permissions of the /private/etc/uc.app/Contents/MacOS/uc file, which prevents the service from being started in LaunchDaemon.
CVE-2005-3026 1 Alstrasoft 1 Epay 2025-04-03 N/A
Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter.
CVE-2002-0700 1 Microsoft 1 Content Management Server 2025-04-03 N/A
Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
CVE-2005-3027 1 Sybari 1 Antigen 2025-04-03 N/A
Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which allows remote attackers to bypass custom filter rules and send file attachments of arbitrary file types via a message with a subject of "Antigen forwarded attachment".
CVE-2006-0642 1 Trend Micro 3 Interscan Messaging Security Suite, Interscan Web Security Suite, Serverprotect 2025-04-03 N/A
Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE.
CVE-2006-1276 1 Himpfen Consulting 1 Php Simplenews 2025-04-03 N/A
admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie.
CVE-2005-3029 1 Ahnlab 3 V3 Virusblock 2005, V3net, V3pro 2004 2025-04-03 N/A
Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to execute arbitrary code via a long filname in an ACE archive.
CVE-2006-0643 1 Wiredred 1 E Pop Web Conferencing 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference.
CVE-2005-3030 1 Ahnlab 3 V3 Virusblock 2005, V3net, V3pro 2004 2025-04-03 N/A
Directory traversal vulnerability in the archive decompression library in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in a compressed archive.
CVE-2005-3034 1 Compuware 1 Driverstudio 2025-04-03 N/A
Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to bypass authentication via a null session.
CVE-2005-3042 2 Usermin, Webmin 2 Usermin, Webmin 2025-04-03 N/A
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
CVE-2002-1417 1 Novell 2 Netware, Small Business Suite 2025-04-03 N/A
Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator.
CVE-2005-3124 1 Acme Labs 1 Thttpd 2025-04-03 N/A
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
CVE-2006-0665 1 Mantis 1 Mantis 2025-04-03 N/A
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
CVE-2005-3129 1 S9y 1 Serendipity 2025-04-03 N/A
Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php.
CVE-2006-0666 1 Ibm 1 Aix 2025-04-03 N/A
Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX.
CVE-2005-3130 1 Lucidcms 1 Lucidcms 2025-04-03 N/A
SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers to execute arbitrary SQL commands via the login field.
CVE-2006-0668 1 Pwsphp 1 Pwsphp 2025-04-03 N/A
SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in message.php in the espace_membre module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-3133 2 Icewarp, Merak 2 Web Mail, Mail Server 2025-04-03 N/A
Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html.
CVE-2005-3141 1 Cerulean Studios 1 Trillian 2025-04-03 N/A
Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ.