Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0742 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the "noreturn" attribute set, which allows local users to cause a denial of service by causing user faults on Itanium systems.
|
|||||
| CVE-2005-1492 | 1 Gossamer Threads | 2 Gossamer Threads Links, Gossamer Threads Links-sql | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
|
|||||
| CVE-2003-0982 | 1 Cisco | 9 Application And Content Networking Software, Content Distribution Manager 4630, Content Distribution Manager 4650 and 6 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password.
|
|||||
| CVE-2006-3357 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.
|
|||||
| CVE-2003-0483 | 1 Xmb Forum | 1 Xmb | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php.
|
|||||
| CVE-2002-0404 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption).
|
|||||
| CVE-2003-0061 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable.
|
|||||
| CVE-2004-1813 | 1 Vocaltec | 1 Vgw4 8 Telephony Gateway | 2025-04-03 | 7.5 HIGH | N/A |
|
VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass authentication via an HTTP request to home.asp with a trailing slash (/).
|
|||||
| CVE-2003-0100 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
|
|||||
| CVE-2002-0148 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
|
|||||
| CVE-2006-2083 | 1 Andrew Tridgell | 1 Rsync | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.
|
|||||
| CVE-2005-3547 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.
|
|||||
| CVE-2000-1039 | 1 Microsoft | 5 Windows 95, Windows 98, Windows 98se and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of ab ...
Show More |
|||||
| CVE-2005-1571 | 1 Wenig And Spitzer-williams | 1 Showoff Digital Media Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts.
|
|||||
| CVE-2004-1021 | 1 Apple | 1 Ical | 2025-04-03 | 7.5 HIGH | N/A |
|
iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms.
|
|||||
| CVE-2005-2362 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets.
|
|||||
| CVE-2004-1877 | 1 Oracle | 2 Application Server, Http Server | 2025-04-03 | 2.6 LOW | N/A |
|
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
|
|||||
| CVE-2004-2642 | 1 Nathaniel Bray | 1 Yeemp | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender.
|
|||||
| CVE-2005-4283 | 1 Nightmedia | 1 The City Shop | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via parameters to the search module, possibly SKey to store.cgi.
|
|||||
| CVE-2006-0932 | 1 Pear | 1 Pear Archive Zip | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive.
|
|||||
| CVE-2002-0332 | 1 Xtell | 1 Xtell | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the xtell request.
|
|||||
| CVE-2002-1482 | 1 Phpgb | 1 Phpgb | 2025-04-03 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.
|
|||||
| CVE-1999-1076 | 1 Apple | 1 Macos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session.
|
|||||
| CVE-2004-1319 | 2 Microsoft, Nortel | 9 Windows 2000, Windows 2003 Server, Windows 98 and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
|
|||||
| CVE-2002-0757 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2025-04-03 | 7.5 HIGH | N/A |
|
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
|
|||||
| CVE-2005-0606 | 1 Devellion | 1 Cubecart | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.
|
|||||
| CVE-2006-4892 | 1 Techno Dreams | 1 Faq Manager Package | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.
|
|||||
| CVE-1999-1294 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
|
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.
|
|||||
| CVE-2005-2039 | 1 Nanoblogger | 1 Nanoblogger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and earlier allows remote attackers to execute arbitrary commands.
|
|||||
| CVE-2005-2622 | 1 Ecw-shop | 1 Ecw-shop | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter.
|
|||||
| CVE-2000-1043 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
|
|||||
| CVE-2006-2500 | 1 Xfairguy | 1 Codeavalanche News | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate HTML, then this is not a vulnerability.
|
|||||
| CVE-2006-3710 | 1 Oracle | 1 Application Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# (1) AS05 and (2) AS08.
|
|||||
| CVE-2006-0836 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
|
Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field.
|
|||||
| CVE-2002-1140 | 1 Microsoft | 1 Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
|
|||||
| CVE-2006-2476 | 1 Bitrix | 1 Bitrix Site Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2005-3472 | 1 Sun | 1 Java System Communications Express | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
|
|||||
| CVE-2006-4962 | 1 Blue Dragon | 1 Php Blue Dragon | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file.
|
|||||
| CVE-2005-0414 | 1 Mercuryboard | 1 Mercuryboard | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter.
|
|||||
| CVE-2002-1511 | 2 Att, Tightvnc | 2 Vnc, Tightvnc | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.
|
|||||