Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-0520 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 5.0 MEDIUM | N/A | Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified. |
| CVE-2003-0959 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 10.0 HIGH | N/A | Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments. |
| CVE-2004-0249 | 1 Phpx | 1 Phpx | 2025-04-03 | 10.0 HIGH | N/A | PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID. |
| CVE-2004-1441 | 1 Board Power | 1 Board Power | 2025-04-03 | 9.3 HIGH | N/A | Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| CVE-2006-3537 | 1 Randshop | 1 Randshop | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in Randshop before 1.2 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter, a different vector than CVE-2006-3375. |
| CVE-2006-1431 | 1 Fusionzone | 1 Couponzone | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE couponZONE 4.2 allows remote attackers to inject arbitrary web script or HTML via URL-encoded (1) srchfor and (2) srchby parameters. |
| CVE-2005-1696 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module. |
| CVE-2005-3353 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A | The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. |
| CVE-1999-0746 | 2 Slackware, Suse | 2 Slackware Linux, Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A | A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service. |
| CVE-2006-2897 | 1 Funkboard | 1 Funkboard | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors. |
| CVE-2006-1369 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances. |
| CVE-2005-1809 | 1 Sony | 2 P900, P900 Firmware | 2025-04-03 | 5.0 MEDIUM | N/A | Sony Ericsson P900 Beamer allows remote attackers to cause a denial of service (panic) via an obexftp session with a long filename in an OBEX File Transfer or OBEX Object Push. |
| CVE-2006-1354 | 1 Freeradius | 1 Freeradius | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. |
| CVE-2005-1631 | 1 Booby | 1 Booby | 2025-04-03 | 5.0 MEDIUM | N/A | booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs. |
| CVE-2005-0033 | 1 Isc | 1 Bind | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses. |
| CVE-2006-0712 | 1 Squishdot | 1 Squishdot | 2025-04-03 | 5.0 MEDIUM | N/A | mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability. |
| CVE-2000-0100 | 1 Microsoft | 1 Systems Management Server | 2025-04-03 | 7.2 HIGH | N/A | The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. |
| CVE-2005-1953 | 1 Pico Server | 1 Pico Server | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in the CGI extension for Pico Server (pServ) 3.3 allows remote attackers to execute arbitrary code via a long HTTP request. |
| CVE-2005-2298 | 1 Softwin | 1 Bitdefender Engine | 2025-04-03 | 5.0 MEDIUM | N/A | BitDefender Engine 1.6.1 and earlier does not properly scan all attachments, which allows remote attackers to bypass virus scanning via begin and end commands in the body of the e-mail, which BitDefender treats as a uuencoded attachment and stops scanning afterwards. |
| CVE-2006-4203 | 1 Mamboxchange | 1 Mambo Email Publisher | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| CVE-2004-2310 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console. |
| CVE-2004-0053 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2025-04-03 | 7.5 HIGH | N/A | Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use fields that use RFC2047 encoding, which may be interpreted differently by mail clients. |
| CVE-1999-0443 | 1 Bmc | 1 Patrol Agent | 2025-04-03 | 10.0 HIGH | N/A | Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password. |
| CVE-2006-3260 | 1 Virtual Design Studios | 1 Vlbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| CVE-2005-0262 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument. |
| CVE-2005-1408 | 1 Apple | 1 Keynote | 2025-04-03 | 5.0 MEDIUM | N/A | Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation. |
| CVE-2004-0541 | 1 National Science Foundation | 1 Squid Web Proxy Cache | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable). |
| CVE-1999-0888 | 1 Oracle | 2 Database Server, Oracle8i | 2025-04-03 | 4.6 MEDIUM | N/A | dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script. |
| CVE-1999-1503 | 1 Nfr | 1 Nfr | 2025-04-03 | 5.0 MEDIUM | N/A | Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to cause a denial of service in nfrd (crash) via a TCP packet with a null header and data field. |
| CVE-1999-1437 | 1 Ralf S. Engelschall | 1 Eperl | 2025-04-03 | 7.5 HIGH | N/A | ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml. |
| CVE-1999-0299 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 9.3 HIGH | N/A | Buffer overflow in FreeBSD lpd through long DNS hostnames. |
| CVE-2005-3897 | 1 Apple | 1 Safari | 2025-04-03 | 7.8 HIGH | N/A | Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. |
| CVE-2005-3801 | 1 Counterpane | 1 Passwordsafe | 2025-04-03 | 4.6 MEDIUM | N/A | CounterPane PasswordSafe 1.x and 2.x allows local users to test possible encryption keys against a subset of the stored key data without performing the more expensive key derivation function (KDF) function, which reduces the search time in brute force attacks. |
| CVE-2003-1046 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A | describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products. |
| CVE-2001-0522 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file. |
| CVE-2004-1620 | 1 S9y | 1 Serendipity | 2025-04-03 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php. |
| CVE-2005-1125 | 1 Avaya | 1 Libsafe | 2025-04-03 | 5.1 MEDIUM | N/A | Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed. |
| CVE-2005-4501 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A | MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer. |
| CVE-2004-0320 | 1 Ncipher | 1 Nshield | 2025-04-03 | 2.1 LOW | N/A | Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands. |
| CVE-1999-0138 | 7 Apple, Digital, Freebsd and 4 more | 9 A Ux, Osf 1, Freebsd and 6 more | 2025-04-03 | 7.2 HIGH | N/A | The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. |