Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0740 | 1 Slrn Development Team | 1 Slrn | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.
|
|||||
| CVE-2006-4300 | 1 8pixel.net | 1 Simple Blog | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2001-1542 | 1 Network Associates | 1 Webshield Smtp | 2025-04-03 | 7.5 HIGH | N/A |
|
NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments.
|
|||||
| CVE-2006-1594 | 1 Claroline | 1 Claroline | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php.
|
|||||
| CVE-2006-2704 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Secure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8.1 send messages in cleartext, which allows remote attackers to read sensitive vulnerability information.
|
|||||
| CVE-2004-1895 | 1 Suse | 1 Suse Linux | 2025-04-03 | 2.1 LOW | N/A |
|
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
|
|||||
| CVE-2005-0387 | 1 Remstats | 1 Remstats | 2025-04-03 | 2.1 LOW | N/A |
|
remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2001-0961 | 1 John E. Davis | 1 Most | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most.
|
|||||
| CVE-2000-0709 | 1 Microsoft | 1 Frontpage | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
|
|||||
| CVE-2002-2016 | 1 User-mode Linux | 1 User-mode Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code.
|
|||||
| CVE-2005-2602 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
|
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
|
|||||
| CVE-2003-0214 | 1 Debian | 1 Mime-support | 2025-04-03 | 4.6 MEDIUM | N/A |
|
run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2005-1185 | 1 Musicmatch | 1 Jukebox | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00.2047 and earlier allows local users to gain privileges via a malicious C:\program.exe file, which is run by MMFWLaunch.exe when it attempts to execute launch.exe.
|
|||||
| CVE-2006-3040 | 1 Amr Talkbox | 1 Amr Talkbox | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, since the $direct variable is set to a static value just before the include statement
|
|||||
| CVE-2004-2064 | 1 Verylost | 1 Lostbook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.
|
|||||
| CVE-2000-1029 | 1 Isc | 1 Bind | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.
|
|||||
| CVE-2004-1483 | 1 Symantec | 1 Clientless Vpn Gateway 4400 | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact.
|
|||||
| CVE-2000-0070 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
|
NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."
|
|||||
| CVE-2005-1438 | 1 Osticket | 1 Osticket | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.
|
|||||
| CVE-2002-1514 | 1 Borland Software | 1 Interbase | 2025-04-03 | 7.2 HIGH | N/A |
|
gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file.
|
|||||
| CVE-2002-2213 | 2 Infoblox, Isc | 2 Dns One, Bind | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
|
|||||
| CVE-2006-1259 | 1 Maian | 1 Support | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php.
|
|||||
| CVE-2004-0197 | 1 Microsoft | 1 Jet | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query.
|
|||||
| CVE-2002-2130 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 7.5 HIGH | N/A |
|
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.
|
|||||
| CVE-2002-0079 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.
|
|||||
| CVE-2006-2461 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.
|
|||||
| CVE-2005-2534 | 1 Openvpn | 1 Openvpn | 2025-04-03 | 2.6 LOW | N/A |
|
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.
|
|||||
| CVE-2005-0583 | 1 Broadcom | 1 License Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. (dot dot) sequences in a PUTOLF request.
|
|||||
| CVE-1999-1578 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.
|
|||||
| CVE-2003-0111 | 1 Microsoft | 3 Virtual Machine, Windows 2000, Windows 2000 Terminal Services | 2025-04-03 | 7.5 HIGH | N/A |
|
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
|
|||||
| CVE-2001-1025 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 10.0 HIGH | N/A |
|
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
|
|||||
| CVE-2006-4633 | 1 Softbb | 1 Softbb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter.
|
|||||
| CVE-2004-2212 | 1 Alivesites | 1 Alivesites Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forum_id parameter.
|
|||||
| CVE-2005-4331 | 1 Ihtml Merchant | 1 Ihtml Merchant | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters.
|
|||||
| CVE-2004-2368 | 1 The Opt-x Project | 1 Opt-x | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 allows remote attackers to execute arbitrary PHP code via the systempath parameter.
|
|||||
| CVE-2005-4839 | 1 Claymore Systems Inc | 1 Puretls | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of values from earlier certificates.
|
|||||
| CVE-2005-0118 | 1 Helvis | 1 Helvis | 2025-04-03 | 2.1 LOW | N/A |
|
helvis 1.8h2_1 and earlier stores recovery files in world readable directories with world readable permissions, which allows local users to read the recovered files of other users.
|
|||||
| CVE-2005-1110 | 1 Sumus | 1 Sumus | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the RespondeHTTPPendiente function in the HTTP server for SUMUS 0.2.2 allows remote attackers to execute arbitrary code via a large packet sent to TCP port 81.
|
|||||
| CVE-2004-1236 | 1 Netscape | 1 Directory Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2006-4641 | 1 Muratsoft | 1 Haber Portal | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal 3.6 allows remote attackers to execute arbitrary SQL commands via the kat parameter.
|
|||||