Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3308 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2025-04-03 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS).
|
|||||
| CVE-2001-0226 | 1 Biblioscape | 1 Biblioweb Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in BiblioWeb web server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) or ... attack in an HTTP GET request.
|
|||||
| CVE-2005-1431 | 1 Gnu | 1 Gnutls | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.
|
|||||
| CVE-2006-1406 | 1 Uniforum | 1 Uniforum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtuser or (2) txtpassword parameters.
|
|||||
| CVE-2006-3782 | 1 Sun | 1 Solaris | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors.
|
|||||
| CVE-2005-2421 | 1 Beehive Forum | 1 Beehive Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote attackers to execute arbitrary SQL commands via the webtag parameter.
|
|||||
| CVE-2002-0020 | 1 Microsoft | 2 Interix, Windows 2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.
|
|||||
| CVE-2000-1224 | 1 Caucho Technology | 1 Resin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Caucho Technology Resin 1.2 and possibly earlier allows remote attackers to view JSP source via an HTTP request to a .jsp file with certain characters appended to the file name, such as (1) "..", (2) "%2e..", (3) "%81", (4) "%82", and others.
|
|||||
| CVE-2005-2538 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter.
|
|||||
| CVE-2005-4215 | 1 Motorola | 1 Motorola Cable Modem | 2025-04-03 | 7.8 HIGH | N/A |
|
Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND).
|
|||||
| CVE-2003-0697 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.
|
|||||
| CVE-2002-1137 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
|
|||||
| CVE-2004-1867 | 1 Web Fresh | 1 Fresh Guest Book | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest Book allows remote attackers to inject arbitrary web script or HTML via the Name field.
|
|||||
| CVE-2005-3848 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.8 HIGH | N/A |
|
Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka "DST leak in icmp_push_reply."
|
|||||
| CVE-2006-2785 | 1 Mozilla | 1 Firefox | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.
|
|||||
| CVE-2006-1543 | 1 Vscripts | 1 Vnews | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and the (2) news and (3) nom parameters in (b) news.php.
|
|||||
| CVE-2005-0634 | 1 Kmint21 Software | 1 Golden Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command.
|
|||||
| CVE-2006-4766 | 1 Stefan Ernst | 1 Newsscript | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter.
|
|||||
| CVE-1999-0290 | 1 Qbik | 1 Wingate | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost.
|
|||||
| CVE-2001-1429 | 1 Midnight Commander | 1 Midnight Commander | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file.
|
|||||
| CVE-2005-3700 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors.
|
|||||
| CVE-2001-0801 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library.
|
|||||
| CVE-2001-0231 | 1 Ibrow | 1 News Desk | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the "t" parameter.
|
|||||
| CVE-2003-0270 | 1 Apple | 1 802.11n | 2025-04-03 | 7.6 HIGH | N/A |
|
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.
|
|||||
| CVE-2005-3021 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 2.1 LOW | N/A |
|
image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action.
|
|||||
| CVE-1999-0142 | 2 Netscape, Sun | 2 Navigator, Java | 2025-04-03 | 7.5 HIGH | N/A |
|
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
|
|||||
| CVE-2003-0324 | 1 Epic | 1 Epic4 | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by the (1) userhost_cmd_returned function, or (2) Statusbar capability.
|
|||||
| CVE-2001-1282 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
|
|||||
| CVE-2006-4543 | 1 Hlstats | 1 Hlstats | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.
|
|||||
| CVE-2006-3375 | 1 Randshop | 1 Randshop | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter.
|
|||||
| CVE-2006-3079 | 1 Sspwiz | 1 Sspwiz Plus | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
|||||
| CVE-2006-2188 | 1 Cmscout | 1 Cmscout | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post.
|
|||||
| CVE-2006-2186 | 1 Zenphoto | 1 Zenphoto | 2025-04-03 | 5.0 MEDIUM | N/A |
|
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
|
|||||
| CVE-2001-1053 | 1 Adcycle | 1 Adcycle | 2025-04-03 | 10.0 HIGH | N/A |
|
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
|
|||||
| CVE-2001-0273 | 1 Holger Lamm | 1 Pgp4pine | 2025-04-03 | 2.6 LOW | N/A |
|
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.
|
|||||
| CVE-2001-0886 | 2 Debian, Redhat | 2 Debian Linux, Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.
|
|||||
| CVE-1999-1252 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges.
|
|||||
| CVE-2002-1659 | 1 Iatek | 1 Portalapp | 2025-04-03 | 10.0 HIGH | N/A |
|
user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable.
|
|||||
| CVE-2004-0696 | 1 4d | 1 Webstar | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows remote attackers to list arbitrary directories via a URL with the desired path and a "*" (asterisk) character.
|
|||||
| CVE-2006-1655 | 1 Mpg123 | 1 Mpg123 | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear.
|
|||||