Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-2136 | 1 Aznews | 1 Aznews | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in news.php in AZNEWS allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| CVE-2000-0225 | 1 Deti Fliegl | 1 Poc32 | 2025-04-03 | 5.0 MEDIUM | N/A | The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled. |
| CVE-2006-4378 | 1 Joomla | 1 Rssxt Component | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other ... |
| CVE-2001-0242 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX Buffer Overrun" vulnerability as discussed in MS:MS00-090. |
| CVE-2004-2426 | 1 Axis | 14 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 11 more | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi. |
| CVE-2003-1516 | 1 Sun | 1 Java Plug-in | 2025-04-03 | 6.8 MEDIUM | N/A | The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet. |
| CVE-2003-0774 | 1 Sane | 2 Sane, Sane-backend | 2025-04-03 | 7.5 HIGH | N/A | saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed. |
| CVE-2004-1994 | 1 E-zone Media Inc. | 1 Fusetalk | 2025-04-03 | 5.0 MEDIUM | N/A | FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm. |
| CVE-2005-1348 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header. |
| CVE-2001-0930 | 1 Sendpage | 1 Sendpage.pl | 2025-04-03 | 7.5 HIGH | N/A | Sendpage.pl allows remote attackers to execute arbitrary commands via a message containing shell metacharacters. |
| CVE-2005-1204 | 1 Nelso Software | 1 Desktop Rover | 2025-04-03 | 5.0 MEDIUM | N/A | Desktop Rover 3.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a crafted packet to TCP port 61427, which causes an invalid memory access. |
| CVE-2005-0324 | 1 Captaris | 1 Infinite Mobile Delivery Webmail | 2025-04-03 | 5.0 MEDIUM | N/A | Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message. |
| CVE-2002-2141 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A | BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions. |
| CVE-2004-2574 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction. |
| CVE-1999-0792 | 1 Osicom | 1 Routermate | 2025-04-03 | 5.0 MEDIUM | N/A | ROUTERmate has a default SNMP community name which allows remote attackers to modify its configuration. |
| CVE-2005-2982 | 1 Compaq | 1 Compaqhttpserver | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. |
| CVE-2006-1155 | 1 Manas Tungare | 1 Site Membership Script | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1) login.asp and (2) default.asp. |
| CVE-2002-1350 | 1 Lbl | 1 Tcpdump | 2025-04-03 | 7.5 HIGH | N/A | The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash). |
| CVE-1999-0863 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI. |
| CVE-2006-1271 | 1 Oxynews | 1 Oxynews | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter. |
| CVE-2006-2364 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. |
| CVE-1999-1398 | 1 Sgi | 1 Irix | 2025-04-03 | 6.2 MEDIUM | N/A | Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack. |
| CVE-2004-1779 | 1 Thwboard | 1 Thwboard Beta | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter. |
| CVE-2001-1399 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86." |
| CVE-2004-1595 | 1 Shixxnote | 1 Shixxnote | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in ShixxNote 6.net build 117 allows remote attackers to execute arbitrary code via a long font field. |
| CVE-2006-1989 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. |
| CVE-2006-2139 | 1 Wilsonncareabusinesses | 1 Php Newsfeed | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename parameter to (d) searchnews.php. |
| CVE-2002-0028 | 1 Mirabilis | 1 Icq | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request. |
| CVE-2006-4384 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A | Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. |
| CVE-2006-2879 | 1 Alex | 1 News-engine | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. |
| CVE-2005-2617 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 3.6 LOW | N/A | The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers. |
| CVE-2006-2033 | 1 Corenews | 1 Corenews | 2025-04-03 | 6.4 MEDIUM | N/A | PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue. |
| CVE-2005-0220 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 5.0 MEDIUM | N/A | Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field. |
| CVE-2001-1103 | 1 Rhinosoft | 1 Ftp Voyager | 2025-04-03 | 7.5 HIGH | N/A | FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands. |
| CVE-2004-1614 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A | Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme. |
| CVE-2001-0078 | 1 Sun | 1 Cluster | 2025-04-03 | 2.1 LOW | N/A | in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS. |
| CVE-2000-0729 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A | FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header. |
| CVE-2001-0825 | 1 Xinetd | 1 Xinetd | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check. |
| CVE-2005-4299 | 1 Atlantpro.com | 1 Atlant Pro | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) before and (2) ct parameters. |
| CVE-2004-1581 | 1 Blackboard | 1 Blackboard | 2025-04-03 | 5.0 MEDIUM | N/A | BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message. |