Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1650 | 1 D-link | 1 Dcs-900 Internet Camera | 2025-04-03 | 7.5 HIGH | N/A |
|
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.
|
|||||
| CVE-1999-1270 | 1 Kde | 1 Kde | 2025-04-03 | 4.6 MEDIUM | N/A |
|
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
|
|||||
| CVE-2005-4001 | 1 Phpyellow | 2 Phpyellowtm Lite, Phpyellowtm Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via the (1) haystack parameter to search_result.php or (2) ckey parameter to print_me.php.
|
|||||
| CVE-2004-0883 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certai ...
Show More |
|||||
| CVE-2005-0646 | 1 Php Arena | 1 Panews | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter.
|
|||||
| CVE-2005-0984 | 1 Lucasarts | 1 Star Wars Jedi Knight Jedi Academy | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jedi Academy 1.011 and earlier allows remote attackers to execute arbitrary code via a long message using commands such as (1) say and (2) tell.
|
|||||
| CVE-2004-1747 | 1 Network Everywhere | 1 Nr041 | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 running firmware 1.2 Release 03 allows remote attackers to inject arbitrary web script or HTML via the DHCP HOSTNAME option.
|
|||||
| CVE-2005-0699 | 4 Altlinux, Conectiva, Ethereal Group and 1 more | 6 Alt Linux, Linux, Ethereal and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
|
|||||
| CVE-1999-0488 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.
|
|||||
| CVE-2005-4420 | 1 Quicksquare Development | 1 Honeycomb Archive Enterprise | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm.
|
|||||
| CVE-1999-0057 | 5 Eric Allman, Freebsd, Hp and 2 more | 7 Vacation, Freebsd, Hp-ux and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Vacation program allows command execution by remote users through a sendmail command.
|
|||||
| CVE-2003-0249 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary m ...
Show More |
|||||
| CVE-2002-1437 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.
|
|||||
| CVE-1999-1141 | 1 Ascom | 1 Timeplex Routers | 2025-04-03 | 7.5 HIGH | N/A |
|
Ascom Timeplex router allows remote attackers to obtain sensitive information or conduct unauthorized activities by entering debug mode through a sequence of CTRL-D characters.
|
|||||
| CVE-2005-1598 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
|
|||||
| CVE-2005-4255 | 1 Wikkawiki | 1 Wikkawiki | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.
|
|||||
| CVE-2002-0953 | 1 Php Address | 1 Php Address | 2025-04-03 | 7.5 HIGH | N/A |
|
globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter.
|
|||||
| CVE-2004-1467 | 1 Egroupware | 1 Egroupware | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module.
|
|||||
| CVE-2005-1518 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.
|
|||||
| CVE-2000-0607 | 3 Debian, Mandrakesoft, Redhat | 3 Debian Linux, Mandrake Linux, Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
|
|||||
| CVE-2004-1305 | 2 Microsoft, Nortel | 19 Windows 2000, Windows 2003 Server, Windows 98 and 16 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
|
|||||
| CVE-2006-2129 | 1 Deltascripts | 1 Pro Publish | 2025-04-03 | 5.5 MEDIUM | N/A |
|
Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php.
|
|||||
| CVE-2005-2002 | 1 Mambo | 1 Mambo | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.
|
|||||
| CVE-2006-1799 | 1 Adcentrix | 1 Censtore | 2025-04-03 | 7.5 HIGH | N/A |
|
censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
|
|||||
| CVE-2002-1254 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
|
|||||
| CVE-2005-0696 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5.
|
|||||
| CVE-1999-0892 | 1 Netscape | 1 Communicator | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.
|
|||||
| CVE-2006-2142 | 1 Limbo Cms | 1 Limbo Cms | 2025-04-03 | 6.4 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.
|
|||||
| CVE-2000-0011 | 1 Analogx | 1 Simpleserver Www | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request.
|
|||||
| CVE-2005-0760 | 1 Imagemagick | 1 Imagemagick | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.
|
|||||
| CVE-2004-2238 | 1 Inter7 | 1 Vpopmail \(vchkpw\) | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability
|
|||||
| CVE-2004-2335 | 1 Macromedia | 2 Contribute, Studio | 2025-04-03 | 7.2 HIGH | N/A |
|
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program.
|
|||||
| CVE-2004-0921 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-03 | 7.5 HIGH | N/A |
|
AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets.
|
|||||
| CVE-2006-2471 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault.
|
|||||
| CVE-2005-2012 | 1 Php Arena | 1 Pafaq | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters.
|
|||||
| CVE-2005-4421 | 1 Dev-editor | 1 Dev-editor | 2025-04-03 | 7.5 HIGH | N/A |
|
Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name.
|
|||||
| CVE-2006-0099 | 1 Valdersoft | 1 Valdersoft Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter.
|
|||||
| CVE-2006-0696 | 1 Zen Cart | 1 Zen Cart | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2005-3420 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
|
usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.
|
|||||
| CVE-2001-1003 | 1 Webct | 1 Respondus | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.
|
|||||