Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0847 | 1 Freechess.org | 1 Fics Program | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in free internet chess server (FICS) program, xboard.
|
|||||
| CVE-2004-0607 | 3 Ipsec-tools, Kame, Redhat | 4 Ipsec-tools, Racoon, Enterprise Linux and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
|
|||||
| CVE-2006-0982 | 1 Mcafee | 1 Virex | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file.
|
|||||
| CVE-1999-1159 | 1 Ssh | 1 Ssh2 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root.
|
|||||
| CVE-2005-4388 | 1 Contens | 1 Contens | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the near parameter.
|
|||||
| CVE-2006-1315 | 1 Microsoft | 1 Server Service | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
|
|||||
| CVE-2002-2155 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name.
|
|||||
| CVE-1999-0229 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in Windows NT IIS server using ..\..
|
|||||
| CVE-2005-1969 | 1 Pragma Systems | 1 Pragma Telnetserver | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Pragma Systems Telnetserver 6.0 allows remote attackers to inject arbitrary web script or HTML, and hide activities in log files, via a "<!--" (HTML comment) in a session.
|
|||||
| CVE-2004-1427 | 1 Korweblog | 1 Korweblog | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded.
|
|||||
| CVE-2006-1185 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
|
|||||
| CVE-2002-2097 | 1 Maradns | 1 Maradns | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets.
|
|||||
| CVE-2004-1007 | 2 Bogofilter, Ubuntu | 2 Email Filter, Ubuntu Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.
|
|||||
| CVE-2000-1133 | 1 Flicks Software | 1 Authentix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . (dot) into the URL for a protected directory.
|
|||||
| CVE-2002-2198 | 1 Zmailer | 1 Zmailer | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to execute arbitrary code during HELO processing from an IPv6 address, possibly using an address that resolves to a long hostname.
|
|||||
| CVE-2002-2023 | 1 Yamaguchi | 1 Shingo Beep2 | 2025-04-03 | 2.1 LOW | N/A |
|
The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors.
|
|||||
| CVE-2002-1730 | 1 Aspjar | 1 Aspjar Guestbook | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true".
|
|||||
| CVE-2003-0064 | 4 Hp, Ibm, Sgi and 1 more | 5 Hp-ux, Aix, Irix and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
|
|||||
| CVE-2002-1084 | 1 Visualshapers | 1 Ezcontents | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP POST requests.
|
|||||
| CVE-2005-0173 | 1 Squid | 1 Squid | 2025-04-03 | 7.5 HIGH | N/A |
|
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
|
|||||
| CVE-2003-0259 | 1 Cisco | 6 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client, Vpn 3015 Concentrator and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet.
|
|||||
| CVE-2000-0138 | 2025-04-03 | 5.0 MEDIUM | N/A | ||
|
A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft.
|
|||||
| CVE-1999-0156 | 1 Washington University | 1 Wu-ftpd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
wu-ftpd FTP daemon allows any user and password combination.
|
|||||
| CVE-2006-2986 | 1 Baby Katie Media | 2 Very Simple Car Lister, Very Simple Realty Lister | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php.
|
|||||
| CVE-2004-0358 | 1 Virtuasystems | 1 Virtuanews Pro | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php.
|
|||||
| CVE-2005-4050 | 1 Multi-tech Systems | 1 Multivoip | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with firmware before x.08 allows remote attackers to execute arbitrary code via a long INVITE field in a Session Initiation Protocol (SIP) packet.
|
|||||
| CVE-2006-2052 | 1 Verosky Media | 1 Instant Photo Gallery | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the source code for version 1.0.2 of the product.
|
|||||
| CVE-2005-3846 | 1 Fscripts | 1 Fantastic News | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
|
|||||
| CVE-2004-0359 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters.
|
|||||
| CVE-2006-3772 | 1 Php-post | 1 Php-post | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.
|
|||||
| CVE-2005-1417 | 1 Maxwebportal | 1 Maxwebportal | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parame ...
Show More |
|||||
| CVE-2006-1891 | 1 Betaboard | 1 Betaboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE.
|
|||||
| CVE-2001-1126 | 1 Symantec | 1 Liveupdate | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.
|
|||||
| CVE-2002-0911 | 1 Caldera | 1 Volution Manager | 2025-04-03 | 7.2 HIGH | N/A |
|
Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges.
|
|||||
| CVE-2000-0078 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.
|
|||||
| CVE-2003-1129 | 1 Yahoo | 1 Audio Conferencing Activex Control | 2025-04-03 | 2.6 LOW | N/A |
|
Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.
|
|||||
| CVE-1999-0186 | 1 Sun | 1 Solaris | 2025-04-03 | 10.0 HIGH | N/A |
|
In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.
|
|||||
| CVE-1999-0611 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
A system-critical Windows NT registry key has an inappropriate value.
|
|||||
| CVE-2006-3392 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
|
|||||
| CVE-2005-2138 | 1 Comdev | 1 Comdev Ecommerce | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message.
|
|||||