Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3792 | 1 Ufo2000 | 1 Ufo2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ServerClientUfo::recv_packet in server_protocol.cpp in UFO2000 svn 1057 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving the packet.c_str function.
|
|||||
| CVE-2005-2472 | 1 Netcplus | 1 Businessmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands.
|
|||||
| CVE-2000-0772 | 1 Tumbleweed | 1 Messaging Management System | 2025-04-03 | 7.5 HIGH | N/A |
|
The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account "sa" with no password.
|
|||||
| CVE-2002-2034 | 1 John Hardin | 1 Procmail Email Sanitizer | 2025-04-03 | 7.5 HIGH | N/A |
|
The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments.
|
|||||
| CVE-2001-0822 | 1 Packet Knights | 1 Fpf Linux Kernel Module | 2025-04-03 | 5.0 MEDIUM | N/A |
|
FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.
|
|||||
| CVE-2002-1594 | 2 Grpck, Pwck | 2 Grpck, Pwck | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.
|
|||||
| CVE-2001-1097 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets.
|
|||||
| CVE-2006-4256 | 1 Horde | 1 Application Framework | 2025-04-03 | 4.3 MEDIUM | N/A |
|
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
|
|||||
| CVE-2005-2839 | 1 Maxdev | 1 Md-pro | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php.
|
|||||
| CVE-2000-0909 | 1 University Of Washington | 1 Pine | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.
|
|||||
| CVE-1999-0872 | 4 Caldera, Debian, Paul Vixie and 1 more | 4 Openlinux, Debian Linux, Vixie Cron and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.
|
|||||
| CVE-2000-0647 | 1 Texas Imperial Software | 1 Wftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.
|
|||||
| CVE-2004-1961 | 1 Protector System | 1 Protector System | 2025-04-03 | 7.5 HIGH | N/A |
|
blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded "'" characters ("%27").
|
|||||
| CVE-2006-3033 | 1 Myscrapbook | 1 Myscrapbook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input box in singlepage.php when submitting scrapbook pages.
|
|||||
| CVE-2004-1550 | 1 Motorola | 1 Wr850g | 2025-04-03 | 7.5 HIGH | N/A |
|
Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on.
|
|||||
| CVE-2006-4283 | 1 Solmetra | 1 Spaw Editor | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php.
|
|||||
| CVE-2002-0962 | 1 Geeklog | 1 Geeklog | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php.
|
|||||
| CVE-2006-2041 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2005-2925 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.
|
|||||
| CVE-2005-4164 | 1 Widgetmonkey | 1 Php-addressbook | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2002-1418 | 1 Novell | 2 Netware, Small Business Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name.
|
|||||
| CVE-2006-2096 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | 5.0 MEDIUM | N/A |
|
plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message.
|
|||||
| CVE-2004-1807 | 1 Dogpatch Software | 1 Cfwebstore | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to inject arbitrary web script or HTML via the URL.
|
|||||
| CVE-2000-0981 | 1 Oracle | 1 Mysql | 2025-04-03 | 7.2 HIGH | N/A |
|
MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.
|
|||||
| CVE-2005-3038 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 allows remote attackers to list and read contents of arbitrary drives, related to "the PHP vulnerability."
|
|||||
| CVE-2002-1939 | 1 Flashfxp | 1 Flashfxp | 2025-04-03 | 2.1 LOW | N/A |
|
FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties.
|
|||||
| CVE-2005-0384 | 4 Redhat, Suse, Trustix and 1 more | 4 Enterprise Linux, Suse Linux, Secure Linux and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
|
|||||
| CVE-2001-1231 | 1 Novell | 1 Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A |
|
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
|
|||||
| CVE-2004-1699 | 1 Pinnacle Systems | 1 Showcenter | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter.
|
|||||
| CVE-2003-0161 | 4 Compaq, Hp, Sendmail and 1 more | 9 Tru64, Hp-ux, Hp-ux Series 700 and 6 more | 2025-04-03 | 10.0 HIGH | N/A |
|
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
|
|||||
| CVE-2000-1229 | 1 Phorum | 1 Phorum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3.
|
|||||
| CVE-2001-0990 | 1 Inter7 | 1 Vpopmail | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
|
|||||
| CVE-2006-4972 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.
|
|||||
| CVE-2001-0504 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
|
|||||
| CVE-2004-2439 | 1 Hp | 17 Color Laserjet, Color Laserjet 4600, Laserjet 2500 and 14 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.
|
|||||
| CVE-2005-4175 | 1 Insyde | 1 Insyde Bios | 2025-04-03 | 2.1 LOW | N/A |
|
Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
|
|||||
| CVE-2005-3115 | 1 Mpeg-tools | 1 Mpeg-tools | 2025-04-03 | 2.1 LOW | N/A |
|
mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, which allows local users to overwrite arbitrary files via (1) ts.stat, (2) ts.mpg, (3) foobar, (4) blockbar, or (5) foobar[NNN].
|
|||||
| CVE-2001-1203 | 1 Alessandro Rubini | 1 Gpm | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges.
|
|||||
| CVE-2004-1028 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.
|
|||||
| CVE-2002-0153 | 1 Microsoft | 1 Ie | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.
|
|||||