Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-1833 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.6 LOW | N/A | Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface. |
| CVE-2005-1323 | 1 Intersoft | 1 Netterm | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command. |
| CVE-2005-0813 | 1 Initial Redirect | 1 Initial Redirect Squid Proxy Plug-in | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow attackers to cause a denial of service and execute arbitrary code via unknown vectors. |
| CVE-1999-0986 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Linux | 2025-04-03 | 5.0 MEDIUM | N/A | The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. |
| CVE-2005-2730 | 1 Astaro | 1 Security Linux | 2025-04-03 | 5.0 MEDIUM | N/A | The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message. |
| CVE-2001-1224 | 1 Les Vanbrunt | 1 Adrotate Pro | 2025-04-03 | 7.5 HIGH | N/A | get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack. |
| CVE-2002-0932 | 1 Luis Bernardo | 1 Myhelpdesk | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog. |
| CVE-2006-1038 | 1 Van Dyke Technologies | 2 Securecrt, Securefx | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string. |
| CVE-2006-2339 | 1 Evo-dev | 2 Evotopsites, Evotopsites Pro | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in index.php in evoTopsites 2.x and evoTopsites Pro 2.x allows remote attackers to execute arbitrary SQL commands via the (1) cat_id and (2) id parameters. |
| CVE-2005-0095 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A | The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers. |
| CVE-2005-4610 | 1 Dopewars | 1 Dopewars | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service, allows remote attackers to execute arbitrary code via unspecified attack vectors. |
| CVE-2002-1400 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string. |
| CVE-2005-4431 | 1 Wowbb | 1 Wowbb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the view_user.php/sort_by vector is already covered by CVE-2005-1554 and CVE-2004-2181. |
| CVE-2000-0943 | 1 Max-wilhelm Bruker | 1 Bftpd | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command. |
| CVE-2005-3879 | 1 Softbiz | 1 Resource Repository Script | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id parameter in (d) showcats.php. |
| CVE-2001-0042 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences. |
| CVE-2006-1625 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. |
| CVE-2006-4504 | 1 Nx5 | 1 Nx5linx | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters. |
| CVE-2000-0143 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2025-04-03 | 4.6 MEDIUM | N/A | The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP. |
| CVE-2006-1267 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 5.1 MEDIUM | N/A | Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request. |
| CVE-2005-1412 | 1 Ecomm | 1 Professional Guestbook | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter. |
| CVE-2001-0073 | 1 Nsa | 1 Security-enhanced Linux | 2025-04-03 | 2.1 LOW | N/A | Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory. |
| CVE-1999-0291 | 1 Qbik | 1 Wingate | 2025-04-03 | 7.5 HIGH | N/A | The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. |
| CVE-2001-1412 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A | nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument. |
| CVE-2000-0839 | 1 Ipswitch | 1 Wincom Lpd | 2025-04-03 | 5.0 MEDIUM | N/A | WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515). |
| CVE-2005-3085 | 1 Riverdark Studios | 1 Rss Syndicator Module | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in rss.php in Riverdark Studios RSS Syndicator module 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) forum or (2) topic parameters. |
| CVE-2006-0483 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3030 Concentator | 2025-04-03 | 7.8 HIGH | N/A | Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet. |
| CVE-2006-1241 | 1 Firebirdsql | 1 Firebird | 2025-04-03 | 4.6 MEDIUM | N/A | Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities. |
| CVE-1999-1028 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | 5.0 MEDIUM | N/A | Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631. |
| CVE-2004-2093 | 1 Gnu | 1 Rsync | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future. |
| CVE-2005-2948 | 1 Killprocess | 1 Killprocess | 2025-04-03 | 2.1 LOW | N/A | KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess. |
| CVE-2005-2990 | 1 Linecontrol | 1 Java Client | 2025-04-03 | 2.1 LOW | N/A | AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores sensitive information such as user passwords in log files. |
| CVE-2006-1495 | 2 Netoffice, Phpcollab | 2 Netoffice, Phpcollab | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option. |
| CVE-2006-0163 | 1 Francisco Burzi | 1 Php-nuke Ev | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. |
| CVE-2004-0361 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A | The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. |
| CVE-2005-4614 | 1 Sum Effect Software | 1 Digishop | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier allow remote attackers to execute arbitrary SQL commands or obtain the full installation path via (1) the c parameter in cart.php and (2) unspecified search module parameters. |
| CVE-2000-1109 | 1 Midnight Commander | 1 Midnight Commander | 2025-04-03 | 4.6 MEDIUM | N/A | Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed. |
| CVE-2006-0684 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2025-04-03 | 7.5 HIGH | N/A | change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access. |
| CVE-2005-3006 | 1 Opera | 1 Opera Browser | 2025-04-03 | 5.0 MEDIUM | N/A | The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames. |
| CVE-2002-0128 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 7.5 HIGH | N/A | cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument. |