Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4381 | 1 Caravel Cms | 1 Caravel Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters.
|
|||||
| CVE-2005-2280 | 1 Cisco | 1 Security Agent | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet.
|
|||||
| CVE-2006-0937 | 1 Unu Networks | 1 Mailgust | 2025-04-03 | 5.0 MEDIUM | N/A |
|
U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password.
|
|||||
| CVE-2006-2863 | 1 Cs-cart | 1 Cs-cart | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.
|
|||||
| CVE-2001-0404 | 1 Sun | 1 Javaserver Web Dev Kit | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory.
|
|||||
| CVE-2002-1695 | 2 Microsoft, Symantec | 3 Internet Information Server, Internet Information Services, Norton Internet Security | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
|
|||||
| CVE-2004-2198 | 1 Duware | 1 Duclassmate | 2025-04-03 | 6.4 MEDIUM | N/A |
|
account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page.
|
|||||
| CVE-2006-3219 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter.
|
|||||
| CVE-2005-3079 | 1 Punbb | 1 Punbb | 2025-04-03 | 4.6 MEDIUM | N/A |
|
PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection.
|
|||||
| CVE-2004-0693 | 1 Trolltech | 1 Qt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692.
|
|||||
| CVE-2006-0447 | 1 E-post Corporation | 3 Mail Server, Smtp Server, Spa-pro Mail Atsolomon | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE.
|
|||||
| CVE-2005-4524 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak.
|
|||||
| CVE-2006-3470 | 1 Dell | 1 Openmanage Cd | 2025-04-03 | 7.5 HIGH | N/A |
|
The Dell Openmanage CD launches X11 and SSH daemons that do not require authentication, which allows remote attackers to gain privileges.
|
|||||
| CVE-2006-1348 | 1 Greg Neustaetter | 1 Gcards | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346.
|
|||||
| CVE-2003-0970 | 1 Sun | 1 Sun Fire | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled.
|
|||||
| CVE-2005-0684 | 1 Mysql | 1 Maxdb | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
|
|||||
| CVE-1999-1576 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, PDF.PdfCtrl.1) 1.3.188 for Acrobat Reader 4.0 allows remote attackers to execute arbitrary code via the pdf.setview method.
|
|||||
| CVE-2001-0262 | 1 Netscape | 1 Smartdownload | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.
|
|||||
| CVE-2005-1008 | 1 Asp-dev | 1 Xm Forum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URL in an IMG tag.
|
|||||
| CVE-2004-1216 | 1 Burut | 1 Kreed | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial of service (server freeze) via a long (1) nickname or (2) model type, which generates dialog boxes on the server that must be manually handled before the server continues the game.
|
|||||
| CVE-2002-0164 | 1 Caldera | 2 Openlinux Server, Openlinux Workstation | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.
|
|||||
| CVE-2002-1953 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy.
|
|||||
| CVE-2002-0149 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
|
|||||
| CVE-1999-0902 | 1 Linux-nis | 1 Ypserv | 2025-04-03 | 7.2 HIGH | N/A |
|
ypserv allows local administrators to modify password tables.
|
|||||
| CVE-1999-0008 | 2 Hp, Sun | 3 Hp-ux, Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in NIS+, in Sun's rpc.nisd program.
|
|||||
| CVE-2005-4145 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | 6.5 MEDIUM | N/A |
|
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack.
|
|||||
| CVE-2005-1434 | 1 Hp | 1 Openview Network Node Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple unknown vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code.
|
|||||
| CVE-2006-1952 | 1 Winagents | 1 Tftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in WinAgents TFTP Server for Windows 3.1 and earlier allows remote attackers to read arbitrary files via "..." (triple dot) sequences in a GET request.
|
|||||
| CVE-2006-1115 | 1 Ncipher | 3 Chil, Mscapi Csp, Ncipher Software Cd | 2025-04-03 | 2.6 LOW | N/A |
|
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.
|
|||||
| CVE-2006-2070 | 1 Mybb | 1 Devbb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action.
|
|||||
| CVE-2005-1557 | 1 Pixysoft | 1 Guestbook Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.
|
|||||
| CVE-2001-1074 | 1 Webmin | 1 Webmin | 2025-04-03 | 7.2 HIGH | N/A |
|
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
|
|||||
| CVE-2001-0393 | 1 Navision | 1 Financials Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license limits.
|
|||||
| CVE-2006-4209 | 1 Webinsta | 1 Mailing List Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter.
|
|||||
| CVE-2002-0767 | 1 Richard Gooch | 1 Simpleinit | 2025-04-03 | 7.2 HIGH | N/A |
|
simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges.
|
|||||
| CVE-2005-2562 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field.
|
|||||
| CVE-2003-0663 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message.
|
|||||
| CVE-2001-1057 | 1 Wolfram Research | 1 Mathematica | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests.
|
|||||
| CVE-2005-0752 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.5 HIGH | N/A |
|
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
|
|||||
| CVE-2001-0596 | 1 Netscape | 1 Communicator | 2025-04-03 | 7.5 HIGH | N/A |
|
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
|
|||||