Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2002-1911 | 1 Zonelabs | 1 Zonealarm | 2025-04-03 | 5.0 MEDIUM | N/A | ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue. |
| CVE-1999-0430 | 1 Cisco | 3 Catalyst 12xx Supervisor Software, Catalyst 29xx Supervisor Software, Catalyst 5xxx Supervisor Software | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allow remote attackers to perform a denial of service by forcing the supervisor module to reload. |
| CVE-2004-1966 | 1 Openbb | 1 Openbb | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php. |
| CVE-2005-3111 | 1 Debian | 1 Backupninja | 2025-04-03 | 2.1 LOW | N/A | The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack. |
| CVE-2005-3761 | 1 Exponent | 1 Exponent | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) Javascript in forms produced by the form generator or (2) the parameters to the installer. |
| CVE-2004-2080 | 1 Red-m | 1 Red-alert | 2025-04-03 | 5.0 MEDIUM | N/A | Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifier (SSID) to a single space, which prevents Red-Alert from correctly identifying the SSID. |
| CVE-2006-4963 | 1 Exponent | 1 Exponent Cms | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files. |
| CVE-2000-0319 | 1 Eric Allman | 1 Sendmail | 2025-04-03 | 5.0 MEDIUM | N/A | mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n. |
| CVE-2004-2365 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 2.1 LOW | N/A | Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount. |
| CVE-2003-0693 | 1 Openbsd | 1 Openssh | 2025-04-03 | 10.0 HIGH | N/A | A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695. |
| CVE-2003-1032 | 1 Pi3 | 1 Pi3web | 2025-04-03 | 5.0 MEDIUM | N/A | Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow. |
| CVE-2005-3619 | 1 Vmware | 1 Esx | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files. |
| CVE-2004-0881 | 3 Gentoo, Getmail, Slackware | 3 Linux, Getmail, Slackware Linux | 2025-04-03 | 2.1 LOW | N/A | getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir. |
| CVE-2001-1343 | 1 Cgicentral | 2 Webstore 400, Webstore 400cs | 2025-04-03 | 7.5 HIGH | N/A | ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter. |
| CVE-2002-1738 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 5.0 MEDIUM | N/A | Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email. |
| CVE-2004-1176 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2025-04-03 | 7.5 HIGH | N/A | Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| CVE-2000-0669 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A | Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data. |
| CVE-2005-4828 | 1 Kolab | 1 Kolab Groupware Server | 2025-04-03 | 6.4 MEDIUM | N/A | Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability. |
| CVE-2003-0748 | 1 Sap | 1 Internet Transaction Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename. |
| CVE-2005-1030 | 1 Active Web Softwares | 1 Active Auction House | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp. |
| CVE-2002-1308 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. |
| CVE-2002-0530 | 1 Novell | 1 Web Search | 2025-04-03 | 5.1 MEDIUM | N/A | Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter. |
| CVE-2002-0266 | 1 Thunderstone Software | 1 Texis | 2025-04-03 | 5.0 MEDIUM | N/A | Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname. |
| CVE-2005-2436 | 1 Website Baker | 1 Website Baker | 2025-04-03 | 5.0 MEDIUM | N/A | browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a directory that does not exist in the dir parameter or (2) a direct request to certain php files, which reveal the path in an error message. |
| CVE-2006-0189 | 1 Estara | 1 Softphone | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060. |
| CVE-2002-0523 | 1 Asp-nuke | 1 Asp-nuke | 2025-04-03 | 5.0 MEDIUM | N/A | ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie. |
| CVE-2003-1162 | 1 Tritanium Scripts | 1 Tritanium Bulletin Board | 2025-04-03 | 5.0 MEDIUM | N/A | index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters. |
| CVE-2006-3843 | 1 Mambo | 1 Mambo Calendar | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. |
| CVE-2003-0744 | 1 Leafnode | 1 Leafnode | 2025-04-03 | 5.0 MEDIUM | N/A | The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchnews to hang while waiting for input. |
| CVE-2000-0903 | 1 Qnx | 1 Voyager | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2005-0689 | 1 Jimmy | 1 The Includer | 2025-04-03 | 7.5 HIGH | N/A | includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter. |
| CVE-2006-1516 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 5.0 MEDIUM | N/A | The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. |
| CVE-1999-1416 | 1 Inso | 1 Dwhttpd | 2025-04-03 | 5.0 MEDIUM | N/A | AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large content-length. |
| CVE-2005-2302 | 1 Powerdns | 1 Powerdns | 2025-04-03 | 2.1 LOW | N/A | PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion. |
| CVE-2006-1447 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A | LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file. |
| CVE-2006-1415 | 1 Dotnetbb | 1 Dotnetbb Forums | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter. |
| CVE-2005-3843 | 1 Nicecoder | 1 Idesk | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
| CVE-2004-2014 | 1 Gnu | 1 Wget | 2025-04-03 | 2.6 LOW | N/A | Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. |
| CVE-2006-1021 | 1 Pehepe | 2 Membership Management System, Uyelik Sistemi | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to inject arbitrary web script or HTML via the kuladi parameter ($kul_adi variable). |
| CVE-2006-3409 | 1 Tor | 1 Tor | 2025-04-03 | 7.5 HIGH | N/A | Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists. |