Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-2833 | 1 Drupal | 1 Drupal | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. |
| CVE-2004-0412 | 1 Gnu | 1 Mailman | 2025-04-03 | 5.0 MEDIUM | N/A | Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server. |
| CVE-1999-0217 | 1 Sun | 1 Sunos | 2025-04-03 | 5.0 MEDIUM | N/A | Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems. |
| CVE-2005-3633 | 1 Sap | 1 Sap Web Application Server | 2025-04-03 | 5.0 MEDIUM | N/A | HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. |
| CVE-2005-0126 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A | ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap. |
| CVE-2004-1941 | 1 Fastream | 1 Netfile Ftp Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist. |
| CVE-2005-0847 | 1 Code Ocean | 1 Ocean Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A | Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections. |
| CVE-2003-0082 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-03 | 5.0 MEDIUM | N/A | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). |
| CVE-2002-0400 | 1 Isc | 1 Bind | 2025-04-03 | 5.0 MEDIUM | N/A | ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype. |
| CVE-2002-1960 | 1 Cybozu | 1 Share360 | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link. |
| CVE-2004-0873 | 1 Apple | 2 Ichat, Ichat Av | 2025-04-03 | 7.5 HIGH | N/A | Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program. |
| CVE-2004-1031 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2025-04-03 | 7.2 HIGH | N/A | fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ. |
| CVE-2002-2002 | 1 Compaq | 1 Tru64 | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables. |
| CVE-2004-0889 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | 10.0 HIGH | N/A | Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. |
| CVE-2006-3201 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.9 MEDIUM | N/A | Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. |
| CVE-2006-0993 | 1 3com | 1 Tippingpoint Sms Server | 2025-04-03 | 5.0 MEDIUM | N/A | The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings. |
| CVE-2006-4033 | 1 Lhaplus | 1 Lhaplus | 2025-04-03 | 5.1 MEDIUM | N/A | Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize. |
| CVE-1999-1203 | 1 Ascend | 1 Multilink Ppp For Isdn | 2025-04-03 | 5.0 MEDIUM | N/A | Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier. |
| CVE-2005-1033 | 1 Devellion | 1 Cubecart | 2025-04-03 | 5.0 MEDIUM | N/A | CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message. |
| CVE-2003-0340 | 1 Demarc Security | 1 Puresecure | 2025-04-03 | 7.5 HIGH | N/A | Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges. |
| CVE-2006-2045 | 1 Ip3 Networks | 1 Ip3 Netaccess 75 | 2025-04-03 | 3.6 LOW | N/A | The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, which allows local users to view sensitive information and modify data. |
| CVE-2004-1872 | 1 Webct | 1 Webct | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag. |
| CVE-2005-1160 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 5.1 MEDIUM | N/A | The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object. |
| CVE-2005-0186 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port. |
| CVE-1999-0629 | | | 2025-04-03 | N/A | N/A | The ident/identd service is running. |
| CVE-2005-0650 | 1 Projectbb | 1 Projectbb | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php" by some sources), (2) in the search feature text area, (3) forum name, (4) site name or (5) the maximum avatar size in the option section, (5) new category or (6) new forum fields in the forum section. |
| CVE-1999-0100 | 1 Isc | 1 Inn | 2025-04-03 | 10.0 HIGH | N/A | Remote access in AIX innd 1.5.1, using control messages. |
| CVE-2001-0293 | 1 Datawizard | 1 Ftpxq | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows remote attackers to read arbitrary files via a .. (dot dot) in the GET command. |
| CVE-2001-0794 | 1 A-ftp | 1 Anonymous Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers to cause a denial of service via a long USER command. |
| CVE-2005-1982 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 3.6 LOW | N/A | Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used. |
| CVE-2004-1108 | 1 Gentoo | 1 Linux | 2025-04-03 | 2.1 LOW | N/A | qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory. |
| CVE-2003-0031 | 1 Mcrypt | 1 Libmcrypt | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash). |
| CVE-2000-0925 | 1 Smartwin Technology | 1 Cyberoffice Shopping Cart | 2025-04-03 | 5.0 MEDIUM | N/A | The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information. |
| CVE-2001-0718 | 1 Microsoft | 2 Excel, Powerpoint | 2025-04-03 | 7.5 HIGH | N/A | Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document. |
| CVE-2006-4096 | 1 Isc | 1 Bind | 2025-04-03 | 5.0 MEDIUM | N/A | BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty. |
| CVE-1999-0727 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A | A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. |
| CVE-2005-2969 | 1 Openssl | 1 Openssl | 2025-04-03 | 5.0 MEDIUM | N/A | The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. |
| CVE-1999-0230 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Cisco 7xx routers through the telnet service. |
| CVE-2002-1712 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3. |
| CVE-2003-0599 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. |