Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-2450 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 7.5 HIGH | N/A | Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message. |
| CVE-2006-0214 | 1 Indexcor | 1 Ezdatabase | 2025-04-03 | 7.5 HIGH | N/A | Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls. |
| CVE-2001-0816 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.5 HIGH | N/A | OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands. |
| CVE-2006-4871 | 1 Keyvan1 | 1 Eshoppingpro | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter. |
| CVE-2006-2183 | 1 Truecrypt Foundation | 1 Truecrypt | 2025-04-03 | 7.2 HIGH | N/A | Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command. |
| CVE-1999-1145 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges. |
| CVE-2005-0677 | 1 Phpoutsourcing | 1 Zorum | 2025-04-03 | 5.0 MEDIUM | N/A | index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter. |
| CVE-2006-1608 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A | The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. |
| CVE-2001-1408 | 1 Cobalt | 2 Qube, Webmail | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter. |
| CVE-2002-0163 | 1 Squid | 1 Squid | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses. |
| CVE-2006-3209 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 7.2 HIGH | N/A | The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation |
| CVE-2005-2170 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-03 | 5.0 MEDIUM | N/A | The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data. |
| CVE-2000-0932 | 1 Clearswift | 1 Mailsweeper For Smtp | 2025-04-03 | 5.0 MEDIUM | N/A | MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service. |
| CVE-2000-0908 | 1 Netcplus | 1 Browsegate | 2025-04-03 | 5.0 MEDIUM | N/A | BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request. |
| CVE-2006-3499 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A | The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. |
| CVE-2002-1641 | 1 Oracle | 1 Application Server Web Cache | 2025-04-03 | 10.0 HIGH | N/A | Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2006-1796 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). |
| CVE-2001-1279 | 1 Lbl | 1 Tcpdump | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026. |
| CVE-1999-0422 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 4.6 MEDIUM | N/A | In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set. |
| CVE-2006-0122 | 1 Aquifer Cms | 1 Aquifer Cms | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter. |
| CVE-1999-1483 | 1 Svgalib | 1 Svgalib | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local users to execute arbitrary code via a long HOME environment variable. |
| CVE-2005-2756 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A | Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion. |
| CVE-2001-0211 | 1 Silverplatter | 1 Webspirs | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter. |
| CVE-2004-1053 | 1 Freebsd | 1 Fetch | 2025-04-03 | 10.0 HIGH | N/A | Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow. |
| CVE-2004-1326 | 1 Ultrix | 1 Dxterm | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute arbitrary code via a long -setup parameter. |
| CVE-2006-0083 | 1 Stefan Frings | 1 Sms Server Tools | 2025-04-03 | 4.6 MEDIUM | N/A | Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors. |
| CVE-2006-0202 | 1 Paypal | 1 Php Toolkit | 2025-04-03 | 3.6 LOW | N/A | Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. |
| CVE-1999-0704 | 3 Bsdi, Freebsd, Redhat | 3 Bsd Os, Freebsd, Linux | 2025-04-03 | 9.3 HIGH | N/A | Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. |
| CVE-2006-3991 | 1 Voc-project | 1 Voodoo Chat | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh Voodoo chat 1.0RC1b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter. |
| CVE-2006-0588 | 1 Jaia Interactive | 1 Mytopix | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters. |
| CVE-2003-0508 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link. |
| CVE-2006-1067 | 1 Linksys | 1 Wrt54g V5 | 2025-04-03 | 5.0 MEDIUM | N/A | Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. |
| CVE-2003-1163 | 1 Ganglia | 1 Gmond | 2025-04-03 | 5.0 MEDIUM | N/A | hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index. |
| CVE-2002-0550 | 1 Gcf | 1 Dynamic Guestbook | 2025-04-03 | 7.5 HIGH | N/A | Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary code via shell metacharacters in the gbdaten parameter. |
| CVE-2002-0520 | 1 Asp-nuke | 1 Asp-nuke | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag. |
| CVE-2000-0095 | 1 Hp | 1 Hp-ux | 2025-04-03 | 5.0 MEDIUM | N/A | The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier. |
| CVE-2005-3833 | 1 Tunez | 1 Tunez | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter. |
| CVE-2005-2691 | 1 Runcms | 1 Runcms | 2025-04-03 | 7.5 HIGH | N/A | includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code. |
| CVE-2001-0333 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. |
| CVE-2000-0950 | 1 Tis | 1 Internet Firewall Toolkit | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name. |