Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-0036 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | 8.4 HIGH | IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. |
| CVE-2004-0082 | 1 Samba | 1 Samba | 2025-04-03 | 7.5 HIGH | N/A | The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. |
| CVE-2004-0501 | 1 Microsoft | 1 Outlook | 2025-04-03 | 5.0 MEDIUM | N/A | Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information. |
| CVE-2006-1572 | 1 O2php.com | 1 Oxygen | 2025-04-03 | 5.0 MEDIUM | N/A | SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action. |
| CVE-2001-1574 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code. |
| CVE-2005-1029 | 1 Active Web Softwares | 1 Active Auction House | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp. |
| CVE-2002-1860 | 1 Pramati | 1 Pramati Server | 2025-04-03 | 5.0 MEDIUM | N/A | Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). |
| CVE-2006-1678 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory. |
| CVE-2000-0756 | 1 Microsoft | 1 Outlook | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service. |
| CVE-2005-4601 | 1 Imagemagick | 1 Imagemagick | 2025-04-03 | 7.5 HIGH | N/A | The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. |
| CVE-2001-0017 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability. |
| CVE-2005-1364 | 1 Metalinks | 1 Metabid Auctions | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp. |
| CVE-2003-0353 | 1 Microsoft | 1 Data Access Components | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. |
| CVE-2005-1397 | 1 Php-calendar | 1 Php-calendar | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2003-0809 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. |
| CVE-2004-2507 | 1 Linksys | 1 Wvc11b | 2025-04-03 | 5.0 MEDIUM | N/A | Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter. |
| CVE-2000-1155 | 1 Joe Kloss | 1 Robinhood | 2025-04-03 | 5.0 MEDIUM | N/A | RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request. |
| CVE-2005-0704 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. |
| CVE-2006-1892 | 1 Alwil | 1 Avast Antivirus | 2025-04-03 | 4.9 MEDIUM | N/A | avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_avast4_ temporary directory. |
| CVE-1999-0864 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A | UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file. |
| CVE-2001-0268 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2025-04-03 | 7.2 HIGH | N/A | The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address. |
| CVE-1999-1262 | 1 Netscape | 1 Communicator | 2025-04-03 | 5.1 MEDIUM | N/A | Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities. |
| CVE-2001-0515 | 1 Oracle | 2 Database Server, Oracle8i | 2025-04-03 | 5.0 MEDIUM | N/A | Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value. |
| CVE-2000-0775 | 1 Robtex | 1 Viking Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in RobTex Viking server earlier than 1.06-370 allows remote attackers to cause a denial of service or execute arbitrary commands via a long HTTP GET request, or long Unless-Modified-Since, If-Range, or If-Modified-Since headers. |
| CVE-1999-0814 | 1 Redhat | 1 Linux | 2025-04-03 | 10.0 HIGH | N/A | Red Hat pump DHCP client allows remote attackers to gain root access in some configurations. |
| CVE-2005-4238 | 1 Mantis | 1 Mantis | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter. |
| CVE-2005-0341 | 1 Apple | 1 Safari | 2025-04-03 | 4.3 MEDIUM | N/A | Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks. |
| CVE-2006-1689 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access. |
| CVE-1999-0707 | 1 Hp | 2 Hp-ux, Visualize Conference Ftp | 2025-04-03 | 7.5 HIGH | N/A | The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization. |
| CVE-2006-1261 | 1 Aspportal | 1 Aspportal | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| CVE-2005-3437 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB01. |
| CVE-2006-3385 | 1 Vincent Leclercq | 1 News | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters. |
| CVE-2002-2091 | 1 Decfingerd | 1 Decfingerd | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request. |
| CVE-2001-0641 | 3 Immunix, Redhat, Suse | 3 Immunix, Linux, Suse Linux | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option. |
| CVE-2002-0624 | 1 Microsoft | 2 Msde, Sql Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure." |
| CVE-2001-0540 | 1 Microsoft | 1 Terminal Server | 2025-04-03 | 5.0 MEDIUM | N/A | Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389. |
| CVE-2001-1316 | 1 Teamware | 1 Teamware Office | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflows in Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
| CVE-2005-2079 | 1 Symantec Veritas | 1 Backup Exec | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code. |
| CVE-2006-3790 | 1 Ufo2000 | 1 Ufo2000 | 2025-04-03 | 5.0 MEDIUM | N/A | The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a keysize or valsize that is inconsistent with the packet size, which leads to a buffer over-read. |
| CVE-2000-0507 | 1 Concatus | 1 Imate Webmail Server | 2025-04-03 | 5.0 MEDIUM | N/A | Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command. |