Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1385 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
|
|||||
| CVE-2000-0190 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AOL Instant Messenger (AIM) client allows remote attackers to cause a denial of service via a message with a malformed ASCII value.
|
|||||
| CVE-2000-0243 | 1 Analogx | 1 Simpleserver Www | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin.
|
|||||
| CVE-2003-0281 | 1 Firebirdsql | 1 Firebird | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
|
|||||
| CVE-2002-0869 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
|
|||||
| CVE-2004-1293 | 1 Rtf2latex2e | 1 Rtf2latex2e | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2e 1.0fc2 allows remote attackers to execute arbitrary code via a crafted RTF file.
|
|||||
| CVE-2000-0066 | 1 Oreilly | 1 Website Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WebSite Pro allows remote attackers to determine the real pathname of web directories via a malformed URL request.
|
|||||
| CVE-2006-1252 | 1 Light Weight Calendar | 1 Light Weight Calendar | 2025-04-03 | 7.5 HIGH | N/A |
|
Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php.
|
|||||
| CVE-2001-0214 | 1 Way | 1 Way-board | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte.
|
|||||
| CVE-2000-1081 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
|
|||||
| CVE-2005-0359 | 2 Emc, Sun | 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
|
|||||
| CVE-2005-1614 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.
|
|||||
| CVE-2001-0944 | 1 Khaled Mardam-bey | 1 Mirc | 2025-04-03 | 7.2 HIGH | N/A |
|
DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process.
|
|||||
| CVE-2005-0564 | 1 Microsoft | 1 Word | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
|
|||||
| CVE-2002-1445 | 1 W3c | 1 Cern Httpd | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page.
|
|||||
| CVE-1999-0237 | 1 Webcom | 1 Cgi Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
|
Remote execution of arbitrary commands through Guestbook CGI program.
|
|||||
| CVE-1999-1504 | 1 Stalker | 1 Stalker Internet Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Stalker Internet Mail Server 1.6 allows a remote attacker to cause a denial of service (crash) via a long HELO command.
|
|||||
| CVE-2004-0033 | 1 Phpgedview | 1 Phpgedview | 2025-04-03 | 5.0 MEDIUM | N/A |
|
admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command.
|
|||||
| CVE-2004-2657 | 1 Mozilla | 1 Firefox | 2025-04-03 | 1.7 LOW | N/A |
|
Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner d ...
|
|||||
| CVE-2006-1257 | 1 Microsoft | 1 Commerce Server | 2025-04-03 | 7.5 HIGH | N/A |
|
The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
|
|||||
| CVE-2005-2235 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.
|
|||||
| CVE-2000-0020 | 1 Man And Mice | 1 Dns Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
DNS PRO allows remote attackers to conduct a denial of service via a large number of connections.
|
|||||
| CVE-2002-2109 | 1 Matt Wright | 1 Formmail | 2025-04-03 | 7.5 HIGH | N/A |
|
Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer.
|
|||||
| CVE-1999-0115 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
AIX bugfiler program allows local users to gain root access.
|
|||||
| CVE-2005-2390 | 1 Proftpd Project | 1 Proftpd | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
|
|||||
| CVE-1999-1047 | 1 Bsdi | 1 Gauntlet | 2025-04-03 | 7.5 HIGH | N/A |
|
When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities.
|
|||||
| CVE-1999-0823 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.
|
|||||
| CVE-2002-0256 | 1 Arescom | 1 Netdsl | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number of login failures and causes the telnet service to stop.
|
|||||
| CVE-2006-0046 | 1 Cameron Simpson | 1 Adzapper | 2025-04-03 | 7.8 HIGH | N/A |
|
squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions.
|
|||||
| CVE-2004-0008 | 2 Rob Flynn, Ultramagnetic | 2 Gaim, Ultramagnetic | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
|
|||||
| CVE-2004-1828 | 1 Belchior Foundry | 1 Vcard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php.
|
|||||
| CVE-2006-0924 | 1 Brown Bear Software | 1 Ical | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2004-0930 | 5 Conectiva, Gentoo, Redhat and 2 more | 8 Linux, Linux, Enterprise Linux and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
|
|||||
| CVE-2004-1613 | 3 Mozilla, Redhat, Sgi | 7 Mozilla, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
|
|||||
| CVE-2000-0633 | 3 Conectiva, Mandrakesoft, Redhat | 3 Linux, Mandrake Linux, Linux | 2025-04-03 | 2.1 LOW | N/A |
|
Vulnerability in Mandrake Linux usermode package allows local users to reboot or halt the system.
|
|||||
| CVE-1999-0327 | 1 Sgi | 1 Irix | 2025-04-03 | 2.1 LOW | N/A |
|
SGI syserr program allows local users to corrupt files.
|
|||||
| CVE-2003-1311 | 1 Netegrity | 1 Siteminder | 2025-04-03 | 6.8 MEDIUM | N/A |
|
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
|
|||||
| CVE-2000-0573 | 1 Hp | 1 Hp-ux | 2025-04-03 | 10.0 HIGH | N/A |
|
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
|
|||||
| CVE-2002-1566 | 1 Netris | 1 Netris | 2025-04-03 | 5.0 MEDIUM | N/A |
|
netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284.
|
|||||
| CVE-2004-0238 | 1 0verkill | 1 0verkill | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function.
|
|||||