Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3752 | 1 Ldapdiff | 1 Ldapdiff | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction".
|
|||||
| CVE-2000-0118 | 2 Redhat, Sun | 3 Linux, Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
|
|||||
| CVE-2006-0026 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
|
|||||
| CVE-2006-0972 | 1 Fscripts | 1 Fantastic News | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by CVE-2005-3846.
|
|||||
| CVE-2001-0319 | 1 Ibm | 3 Net.commerce, Net.commerce Hosting Server, Websphere Commerce Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
|
|||||
| CVE-1999-0942 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
|
UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.
|
|||||
| CVE-2003-0514 | 1 Apple | 1 Safari | 2025-04-03 | 7.5 HIGH | N/A |
|
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
|
|||||
| CVE-1999-0705 | 2 Isc, Redhat | 2 Inn, Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in INN inews program.
|
|||||
| CVE-2005-1108 | 1 Junkbuster | 1 Internet Junkbuster | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request.
|
|||||
| CVE-2000-0129 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
|
Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.
|
|||||
| CVE-2002-1535 | 1 Symantec | 2 Enterprise Firewall, Raptor Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present.
|
|||||
| CVE-2000-0310 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.
|
|||||
| CVE-1999-1227 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.2 HIGH | N/A |
|
Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file.
|
|||||
| CVE-2006-3264 | 1 Namo | 1 Deepsearch | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
|
|||||
| CVE-2005-4465 | 1 Nec | 1 Univerge | 2025-04-03 | 7.5 HIGH | N/A |
|
The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
|
|||||
| CVE-1999-0685 | 1 Netscape | 1 Communicator | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.
|
|||||
| CVE-2006-4881 | 1 David Bennett | 1 Php-post | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split parameter in certain files, as demonstrated by (d) editprofile.php, (e) search.php, (f) index.php, and (g) pm.php; and the (6) txt_login parameter ...
|
|||||
| CVE-2001-0418 | 1 Ncm | 1 Ncm Content Management System | 2025-04-03 | 5.0 MEDIUM | N/A |
|
content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter.
|
|||||
| CVE-2006-3012 | 1 Eschew.net | 1 Phpbannerexchange | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php.
|
|||||
| CVE-2000-0675 | 1 Infopulse | 1 Gatekeeper | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string.
|
|||||
| CVE-2005-2713 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 6.8 MEDIUM | N/A |
|
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.
|
|||||
| CVE-2004-1647 | 1 Web Animations | 1 Password Protect | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.
|
|||||
| CVE-2001-0481 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.
|
|||||
| CVE-2006-3278 | 1 Positive Software | 1 H-sphere | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.
|
|||||
| CVE-1999-0711 | 1 Oracle | 1 Oracle8i | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.
|
|||||
| CVE-2006-1780 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.
|
|||||
| CVE-2005-2024 | 1 Vipul | 1 Razor-agents | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers to cause a denial of service via (1) certain "unusual HTML messages" or (2) "certain malformed headers" such as Content-Type.
|
|||||
| CVE-2002-1504 | 1 Radiobird Software | 1 Webserver 4 Everyone | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL.
|
|||||
| CVE-2004-0785 | 1 Rob Flynn | 1 Gaim | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Gaim before 0.82 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Rich Text Format (RTF) messages, (2) a long hostname for the local system as obtained from DNS, or (3) a long URL that is not properly handled by the URL decoder.
|
|||||
| CVE-2005-0887 | 1 Michael Dean | 1 Double Choco Latte | 2025-04-03 | 7.5 HIGH | N/A |
|
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
|
|||||
| CVE-2004-1523 | 1 New Media Generation | 1 Hired Team Trial | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in the game console in Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a message.
|
|||||
| CVE-1999-0135 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
admintool in Solaris allows a local user to write to arbitrary files and gain root access.
|
|||||
| CVE-2001-0007 | 1 Netscreen | 1 Screen Os | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface.
|
|||||
| CVE-2005-2644 | 1 Isemarket | 1 Jaguarcontrol | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Jtext field.
|
|||||
| CVE-2006-0590 | 1 Jaia Interactive | 1 Mytopix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax.
|
|||||
| CVE-2000-0260 | 1 Microsoft | 2 Frontpage, Visual Interdev | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
|
|||||
| CVE-2002-0498 | 1 Etnus | 1 Totalview | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.
|
|||||
| CVE-2003-1039 | 1 Sap | 1 Mysap Business Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server.
|
|||||
| CVE-2006-0134 | 1 Thewebforum | 1 Thewebforum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter.
|
|||||
| CVE-2005-2688 | 1 Savewebportal | 1 Savewebportal | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields.
|
|||||