Total: 11829 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1682 | 1 Solstice | 1 Solstice Internet Mail Server | 2025-04-03 | 2.1 LOW | N/A |
| JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products." |
| CVE-2005-3055 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. |
| CVE-2006-4468 | 1 Joomla | 1 Joomla! | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module. |
| CVE-2003-0825 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Nt | 2025-04-03 | 9.3 HIGH | N/A |
| The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. |
| CVE-2003-1425 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 10.0 HIGH | N/A |
| guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter. |
| CVE-2002-1175 | 1 Fetchmail | 1 Fetchmail | 2025-04-03 | 5.0 MEDIUM | N/A |
| The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary. |
| CVE-1999-0726 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.8 HIGH | N/A |
| An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. |
| CVE-2006-0298 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-03 | 5.8 MEDIUM | N/A |
| The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read. |
| CVE-2003-1440 | 1 Burton Computer Corporation | 1 Spamprobe | 2025-04-03 | 4.3 MEDIUM | N/A |
| SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions. |
| CVE-1999-0265 | 2 Microware, Novell | 2 Os-9, Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
| ICMP redirect messages may crash or lock up a host. |
| CVE-2001-0509 | 1 Microsoft | 4 Exchange Server, Sql Server, Windows 2000 and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. |
| CVE-2003-1403 | 1 Dotbr | 1 Botbr | 2025-04-03 | 7.5 HIGH | N/A |
| foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. |
| CVE-2004-2649 | 1 Eudora | 1 Eudora | 2025-04-03 | 5.8 MEDIUM | N/A |
| Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in the status bar by inserting a large number of characters (e.g. spaces coded as " ") in the middle of the URL. |
| CVE-2006-2223 | 1 Quagga | 1 Quagga | 2025-04-03 | 5.0 MEDIUM | N/A |
| RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE. |
| CVE-2004-1675 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX. |
| CVE-2005-0904 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
| Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe. |
| CVE-2002-2314 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. |
| CVE-2003-1025 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.3 MEDIUM | N/A |
| Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." |
| CVE-2006-1729 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Mozilla Suite and 1 more | 2025-04-03 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allow remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler. |
| CVE-2000-0258 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. |
| CVE-1999-0867 | 1 Microsoft | 3 Commercial Internet System, Internet Information Server, Site Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. |
| CVE-2006-1721 | 1 Cyrus | 1 Sasl | 2025-04-03 | 2.6 LOW | N/A |
| digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation. |
| CVE-2006-4310 | 1 Mozilla | 1 Firefox | 2025-04-03 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI. |
| CVE-2002-2421 | 1 Andrey Cherezov | 1 Acweb | 2025-04-03 | 7.8 HIGH | N/A |
| acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2. |
| CVE-2006-1192 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626. |
| CVE-2005-2405 | 1 Opera | 1 Opera Browser | 2025-04-03 | 5.0 MEDIUM | N/A |
| Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code. |
| CVE-2003-1003 | 1 Cisco | 2 Pix Firewall, Pix Firewall Software | 2025-04-03 | 7.8 HIGH | N/A |
| Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. |
| CVE-2004-0244 | 1 Cisco | 1 Ios | 2025-04-03 | 4.7 MEDIUM | N/A |
| Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet. |
| CVE-2006-0340 | 1 Cisco | 1 Ios | 2025-04-03 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900. |
| CVE-2004-2706 | 1 Phrozensmoke | 1 Gyach Enhanced | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages. |
| CVE-2002-2420 | 1 Independent Solution | 2 Simple Site Searcher, Super Site Searcher | 2025-04-03 | 7.5 HIGH | N/A |
| site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. |
| CVE-2005-1628 | 1 Web-app.org | 1 Webapp | 2025-04-03 | 7.5 HIGH | N/A |
| apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. |
| CVE-2002-1663 | 1 Monkey-project | 1 Monkey | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value. |
| CVE-2006-4301 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1. |
| CVE-2003-1463 | 2 Alt-n, Microsoft | 2 Webadmin, All Windows | 2025-04-03 | 3.5 LOW | N/A |
| Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. |
| CVE-2003-1471 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 6.3 MEDIUM | N/A |
| MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number. |
| CVE-2006-4340 | 1 Mozilla | 4 Firefox, Network Security Services, Seamonkey and 1 more | 2025-04-03 | 4.0 MEDIUM | N/A |
| Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. ... |
| CVE-2002-2236 | 1 Apt-www-proxy | 1 Apt-www-proxy | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code. |
| CVE-2006-4466 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!. |
| CVE-1999-0001 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets. |