Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1109 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field.
|
|||||
| CVE-2003-0043 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
|
|||||
| CVE-2005-1768 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 3.7 LOW | N/A |
|
Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.
|
|||||
| CVE-2006-3685 | 1 Czaries Network | 1 Czarnews | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859.
|
|||||
| CVE-2005-3272 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets.
|
|||||
| CVE-2005-2491 | 1 Pcre | 1 Pcre | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
|
|||||
| CVE-1999-1394 | 1 Bsd | 1 Bsd | 2025-04-03 | 2.1 LOW | N/A |
|
BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device.
|
|||||
| CVE-2002-0716 | 1 Sco | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.
|
|||||
| CVE-2005-3864 | 1 Berlios | 1 Sourcewell | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2.
|
|||||
| CVE-2002-1934 | 1 Pingtel | 1 Xpressa | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leaks sensitive information during boot-up, which allows attackers to obtain the MD5 hash of the Admin password, MD5 hash of the physical password, and other registration information.
|
|||||
| CVE-2004-1635 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails.
|
|||||
| CVE-2005-3974 | 1 Drupal | 1 Drupal | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
|
|||||
| CVE-2002-0947 | 1 Oracle | 2 Application Server, Reports | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.
|
|||||
| CVE-2006-4129 | 1 Joomla | 1 Webring Component | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter.
|
|||||
| CVE-2005-3030 | 1 Ahnlab | 3 V3 Virusblock 2005, V3net, V3pro 2004 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the archive decompression library in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in a compressed archive.
|
|||||
| CVE-2005-0392 | 1 Debian | 1 Ppxp | 2025-04-03 | 7.2 HIGH | N/A |
|
ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands.
|
|||||
| CVE-2005-3260 | 1 Versatilebulletinboard | 1 Versatilebulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter in dereferrer.php and (2) the file parameter in imagewin.php.
|
|||||
| CVE-1999-0933 | 1 Teamshare | 1 Teamtrack | 2025-04-03 | 5.0 MEDIUM | N/A |
|
TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-1999-0717 | 1 Microsoft | 5 Excel, Windows 2000, Windows 95 and 2 more | 2025-04-03 | 2.6 LOW | N/A |
|
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
|
|||||
| CVE-2006-2993 | 1 My Photo Scrapbook | 1 My Photo Scrapbook | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo_bv.asp.
|
|||||
| CVE-2005-1201 | 1 Azbb | 1 Az Bulletin Board | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php, which displays a different message when a file exists or does not exist.
|
|||||
| CVE-2003-0288 | 1 Hiroaki Shirouzu | 1 Ip Messenger | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the overflow when the user saves the file.
|
|||||
| CVE-2003-1064 | 1 Sun | 1 Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet.
|
|||||
| CVE-2005-2992 | 1 Arc | 1 Arc | 2025-04-03 | 2.1 LOW | N/A |
|
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.
|
|||||
| CVE-2004-2039 | 1 E107 | 1 E107 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
|
|||||
| CVE-2005-2769 | 1 Inter7 | 1 Sqwebmail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.
|
|||||
| CVE-2005-1458 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors.
|
|||||
| CVE-2005-1714 | 1 Netwin | 1 Surgemail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2001-0026 | 1 Roaring Penguin | 1 Pppoe | 2025-04-03 | 5.0 MEDIUM | N/A |
|
rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.
|
|||||
| CVE-2004-1195 | 1 Lucasarts | 1 Star Wars Battlefront | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a join request that contains a memory address that causes the server to read arbitrary memory.
|
|||||
| CVE-2000-0728 | 1 Xpdf | 1 Xpdf | 2025-04-03 | 7.2 HIGH | N/A |
|
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-1999-0334 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.
|
|||||
| CVE-2005-4776 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 7.2 HIGH | N/A |
|
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges.
|
|||||
| CVE-2000-0685 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 10.0 HIGH | N/A |
|
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.
|
|||||
| CVE-1999-0635 | 2025-04-03 | N/A | N/A | ||
|
The echo service is running.
|
|||||
| CVE-2003-0028 | 10 Cray, Freebsd, Gnu and 7 more | 13 Unicos, Freebsd, Glibc and 10 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
|
|||||
| CVE-2003-0856 | 1 Stephen Hemminger | 1 Iproute | 2025-04-03 | 4.9 MEDIUM | N/A |
|
iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.
|
|||||
| CVE-2002-0581 | 1 Workforceroi | 1 Xpede | 2025-04-03 | 7.5 HIGH | N/A |
|
WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script.
|
|||||
| CVE-2005-2927 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command.
|
|||||
| CVE-1999-1183 | 1 Sgi | 1 Irix | 2025-04-03 | 7.6 HIGH | N/A |
|
System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type.
|
|||||