Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2026 | 1 Browseftp | 1 Browseftp Client | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to execute arbitrary code via a long FTP "220" message reply.
|
|||||
| CVE-2003-0116 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
|
|||||
| CVE-2000-0239 | 1 Atrium Software | 3 Mercur Imap4 Server, Mercur Mailserver, Mercur Pop3 Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request.
|
|||||
| CVE-2003-0271 | 1 Cooolsoft | 1 Personal Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Personal FTP Server allows remote attackers to execute arbitrary code via a long USER argument.
|
|||||
| CVE-2005-2580 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php.
|
|||||
| CVE-2004-1873 | 1 Alan Ward | 1 A-cart | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.
|
|||||
| CVE-2005-4437 | 1 Extended Interior Gateway Routing Protocol | 1 Extended Interior Gateway Routing Protocol | 2025-04-03 | 7.5 HIGH | N/A |
|
MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.
|
|||||
| CVE-2004-0080 | 1 Andries Brouwer | 1 Util-linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.
|
|||||
| CVE-2002-0776 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 7.5 HIGH | N/A |
|
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.
|
|||||
| CVE-2005-2777 | 1 Looking Glass | 1 Looking Glass | 2025-04-03 | 7.5 HIGH | N/A |
|
Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field.
|
|||||
| CVE-2001-0474 | 2 Brian Paul, Mandrakesoft | 2 Mesa, Mandrake Linux | 2025-04-03 | 2.1 LOW | N/A |
|
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.
|
|||||
| CVE-2002-0364 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
|
|||||
| CVE-2004-2266 | 1 Ansel | 1 Ansel | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter.
|
|||||
| CVE-2004-1619 | 1 Akella | 1 Privateers Bounty Age Of Sail Ii | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Privateer's Bounty: Age of Sail II allows remote attackers to execute arbitrary code via a long nickname.
|
|||||
| CVE-1999-0745 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.
|
|||||
| CVE-2006-3457 | 1 Symantec | 2 On-demand Agent, On-demand Protection | 2025-04-03 | 2.1 LOW | N/A |
|
Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method.
|
|||||
| CVE-2002-0884 | 2 Caldera, Sun | 3 Openunix, Unixware, Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error.
|
|||||
| CVE-2003-1098 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.
|
|||||
| CVE-2004-1390 | 1 Qnx | 2 Rtos, Rtp | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the (1) -F, (2) name, (3) en, (4) upscript, (5) downscript, (6) retries, (7) timeout, (8) scriptdetach, (9) noscript, (10) nodetach, (11) remote_mac, or (12) local_mac flags.
|
|||||
| CVE-2005-0400 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
|
|||||
| CVE-2006-1143 | 1 Ftpoed | 1 Ftpoed Blog Engine | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment_body parameter, as used by the comment field, when posting a comment.
|
|||||
| CVE-2005-0762 | 1 Imagemagick | 1 Imagemagick | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file.
|
|||||
| CVE-2004-1396 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 2.6 LOW | N/A |
|
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.
|
|||||
| CVE-2004-1076 | 2 Atari800, Debian | 2 Atari800, Debian Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file.
|
|||||
| CVE-2005-2043 | 1 Xampp | 1 Apache Distribution | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in XAMPP before 1.4.14 allows remote attackers to inject arbitrary HTML and PHP code via lang.php.
|
|||||
| CVE-2004-1085 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2025-04-03 | 2.1 LOW | N/A |
|
Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.
|
|||||
| CVE-2005-0892 | 1 Smail | 1 Smail | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands.
|
|||||
| CVE-2006-2742 | 1 Drupal | 1 Drupal | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.
|
|||||
| CVE-2005-0946 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page.
|
|||||
| CVE-2002-0655 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
|
|||||
| CVE-2004-1016 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2025-04-03 | 2.1 LOW | N/A |
|
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.
|
|||||
| CVE-1999-0922 | 1 Allaire | 1 Coldfusion Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.
|
|||||
| CVE-2000-0664 | 1 Analogx | 1 Simpleserver Www | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots.
|
|||||
| CVE-2005-0641 | 1 Broadcom | 1 Unicenter Asset Management | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.
|
|||||
| CVE-2001-0928 | 1 Gnome | 1 Libgtop Daemon | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.
|
|||||
| CVE-2002-1928 | 1 Software602 | 1 602pro Lan Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension.
|
|||||
| CVE-1999-1380 | 1 Symantec | 1 Norton Utilities | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
|
|||||
| CVE-2006-3680 | 1 Photocycle | 1 Photocycle | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in photocycle in Photocycle 1.0 allows remote attackers to inject arbitrary web script or HTML via the phpage parameter.
|
|||||
| CVE-2004-0349 | 1 Gweb | 1 Gweb Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL.
|
|||||
| CVE-2003-0326 | 1 Slocate | 1 Slocate | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Integer overflow in parse_decode_path() of slocate may allow attackers to execute arbitrary code via a LOCATE_PATH with a large number of ":" (colon) characters, whose count is used in a call to malloc.
|
|||||