Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1968 | 1 Kcscripts | 2 Kcscripts News Publisher, Portal Pack | 2025-04-03 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCScripts News Publisher, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.
| CVE-2002-1802 | 1 Xoops | 1 Xoops | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news.
| CVE-2001-1192 | 1 Citrix | 1 Ica Client | 2025-04-03 | 7.5 HIGH | N/A |
Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client.
| CVE-2006-4831 | 1 Iodine | 1 Iodine | 2025-04-03 | 10.0 HIGH | N/A |
Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems."
| CVE-2005-2387 | 1 Goodtech Systems | 1 Goodtech Smtp Server | 2025-04-03 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 allow remote attackers to execute arbitrary code via (1) a RCPT TO command with a long DNS name, or (2) a large number of RCPT TO commands with a long e-mail name argument in the last command.
| CVE-2005-3298 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.5 HIGH | N/A |
Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
| CVE-2004-1993 | 1 Omail | 1 Omail Webmail | 2025-04-03 | 10.0 HIGH | N/A |
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password.
| CVE-2001-0564 | 1 Apc | 1 Ap9606 | 2025-04-03 | 5.0 MEDIUM | N/A |
APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.
| CVE-2005-3414 | 1 Eyeos Project | 1 Eyeos | 2025-04-03 | 7.5 HIGH | N/A |
eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials.
| CVE-2005-0601 | 1 Cisco | 1 Application And Content Networking Software | 2025-04-03 | 7.5 HIGH | N/A |
Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, 5.1, or 5.2 use a default password when the setup dialog has not been run, which allows remote attackers to gain access.
| CVE-1999-1554 | 1 Sgi | 1 Irix | 2025-04-03 | 2.1 LOW | N/A |
/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.
| CVE-2005-0823 | 1 Thepoolclub | 2 Ipool, Isnooker | 2025-04-03 | 4.6 MEDIUM | N/A |
ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges.
| CVE-2003-0932 | 1 Omega-rpg | 1 Omega-rpg | 2025-04-03 | 4.6 MEDIUM | N/A |
Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long (1) command line or (2) environment variable.
| CVE-2004-2477 | 1 Diamondcs | 1 Process Guard Free | 2025-04-03 | 2.1 LOW | N/A |
DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe.
| CVE-2006-4306 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile.
| CVE-2005-2984 | 1 Data Center Resources | 1 Avocent | 2025-04-03 | 4.6 MEDIUM | N/A |
Avocent CCM console server running firmware 2.1 CCM4850 allows remote authenticated attackers to bypass port restrictions by connecting to the server via SSH and using the connect command to access the serial port.
| CVE-2005-0280 | 1 Jowood Productions | 1 Soldner Secret Wars | 2025-04-03 | 7.5 HIGH | N/A |
Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in a message.
| CVE-2006-3411 | 1 Tor | 1 Tor | 2025-04-03 | 6.4 MEDIUM | N/A |
TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys.
| CVE-2005-2466 | 1 Openbook | 1 Openbook | 2025-04-03 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the auth_user function in admin.php in OpenBook 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
| CVE-2002-1973 | 2 Microsoft, Working Resources Inc. | 2 Foundation Class Library, Badblue | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error.
| CVE-2005-4835 | 1 Madwifi | 1 Madwifi | 2025-04-03 | 7.1 HIGH | N/A |
The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission.
| CVE-2005-4709 | 1 Jboss | 1 Enterprise Java Beans | 2025-04-03 | 5.0 MEDIUM | N/A |
The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread.
| CVE-2006-0913 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.5 MEDIUM | N/A |
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
| CVE-2002-1467 | 1 Macromedia | 2 Flash Player, Shockwave | 2025-04-03 | 5.0 MEDIUM | N/A |
Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).
| CVE-2004-0903 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2025-04-03 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
| CVE-2005-4654 | 1 Hp | 1 Oracle For Openview | 2025-04-03 | 6.4 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown impact via unknown attack vectors. NOTE: because of the lack of details in the vendor advisory, it is unclear which set of existing CVEs this advisory might refer to.
| CVE-2004-0820 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 4.6 MEDIUM | N/A |
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.
| CVE-2005-4710 | 1 Autodesk | 18 3ds Max, Architectural Desktop, Autocad and 15 more | 2025-04-03 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329.
| CVE-1999-0109 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflow in ffbconfig in Solaris 2.5.1.
| CVE-2001-0327 | 1 Iplanet | 1 Iplanet Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server.
| CVE-2006-1325 | 1 Streber | 1 Streber | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
| CVE-2005-0987 | 1 Irc Services | 1 Nickserv Listlinks | 2025-04-03 | 5.0 MEDIUM | N/A |
Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 allows remote attackers to obtain the links of a nick.
| CVE-2002-1725 | 1 Onlinetools.org | 1 Phpimageview | 2025-04-03 | 5.0 MEDIUM | N/A |
phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain sensitive information via the pw=show option, which invokes the phpinfo function.
| CVE-2006-0127 | 1 Rockliffe | 1 Mailsite | 2025-04-03 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command.
| CVE-2005-0908 | 1 Valdersoft | 1 Valdersoft Shopping Cart | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to index.php or (2) the searchTopCategoryID parameter to search_result.php.
| CVE-2000-0629 | 1 Sun | 1 Java System Web Server | 2025-04-03 | 7.5 HIGH | N/A |
The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.
| CVE-2004-1384 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.
| CVE-2005-0765 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).
| CVE-2005-3506 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote Proxy Server or (2) Proxy Filter IPs field.
| CVE-2006-0829 | 1 E-blah | 1 Platinum | 2025-04-03 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remote attackers to inject arbitrary web script or HTML via the referer (HTTP_REFERER), which is not sanitized when the log file is viewed by the administrator using "Click Log".