Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-2236 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments. |
| CVE-2006-0833 | 1 Boonex | 1 Barracuda Directory | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest Category module. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. |
| CVE-2006-4374 | 1 Irfanview | 1 Irfanview | 2025-04-03 | 2.6 LOW | N/A | IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow. |
| CVE-2002-1743 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.0 MEDIUM | N/A | AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of service (crash) via a malformed .hpf file. |
| CVE-2005-0196 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet. |
| CVE-2003-1266 | 1 Etype | 1 Eserv | 2025-04-03 | 5.0 MEDIUM | N/A | The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data. |
| CVE-2006-0789 | 1 Kyocera | 1 Fs-3830n | 2025-04-03 | 10.0 HIGH | N/A | Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. |
| CVE-2003-0727 | 1 Oracle | 1 Database Server | 2025-04-03 | 2.1 LOW | N/A | Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions. |
| CVE-2004-0201 | 2 Avaya, Microsoft | 11 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 8 more | 2025-04-03 | 10.0 HIGH | N/A | Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. |
| CVE-2003-0400 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2025-04-03 | 5.0 MEDIUM | N/A | Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in some reports. |
| CVE-1999-1424 | 1 Sun | 1 Solstice Adminsuite | 2025-04-03 | 6.2 MEDIUM | N/A | Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries. |
| CVE-2001-0336 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A | The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. |
| CVE-2004-1662 | 1 Yabb | 1 Yabb | 2025-04-03 | 5.0 MEDIUM | N/A | YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message. |
| CVE-1999-1574 | 1 Ibm | 1 Aix | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings." |
| CVE-2005-3805 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A | A locking problem in POSIX timer cleanup handling on exit in Linux kernel 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause a denial of service (deadlock) involving process CPU timers. |
| CVE-2004-1033 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2025-04-03 | 2.1 LOW | N/A | Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable. |
| CVE-2001-0374 | 1 Compaq | 1 Web-enabled Management | 2025-04-03 | 7.5 HIGH | N/A | The HTTP server in Compaq web-enabled management software for (1) Foundation Agents, (2) Survey, (3) Power Manager, (4) Availability Agents, (5) Intelligent Cluster Administrator, and (6) Insight Manager can be used as a generic proxy server, which allows remote attackers to bypass access restrictions via the management port, 2301. |
| CVE-2002-1210 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 5.0 MEDIUM | N/A | Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context. |
| CVE-2004-1585 | 1 Jera Technology | 1 Flash Messaging | 2025-04-03 | 5.0 MEDIUM | N/A | Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers to cause a denial of service (application crash) via certain wide characters. |
| CVE-2006-1637 | 1 Aweb Labs | 1 Awebbb | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php. |
| CVE-2002-1772 | 1 Novell | 1 Netware | 2025-04-03 | 4.6 MEDIUM | N/A | Novell Netware 5.0 through 5.1 may allow local users to gain "Domain Admin" rights by logging into a Novell Directory Services (NDS) account, and executing "net use" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password. |
| CVE-2005-0882 | 1 Birdblog | 1 Birdblog | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) userpw parameters. |
| CVE-1999-1226 | 1 Netscape | 1 Communicator | 2025-04-03 | 2.6 LOW | N/A | Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. |
| CVE-2005-0744 | 1 Novell | 1 Ichain | 2025-04-03 | 10.0 HIGH | N/A | The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser. |
| CVE-2003-0618 | 2 Debian, Perl | 2 Debian Linux, Suidperl | 2025-04-03 | 2.1 LOW | N/A | Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions. |
| CVE-2003-0030 | 1 Protegrity | 1 Secure.data | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select. |
| CVE-2005-3777 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 5.0 MEDIUM | N/A | MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form. |
| CVE-2005-1804 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) terme parameter in the glossaire module (glossaire.php) or (2) query parameter to links.php. |
| CVE-2002-0157 | 1 Eazel | 1 Nautilus | 2025-04-03 | 4.6 MEDIUM | N/A | Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file. |
| CVE-2002-0605 | 1 Macromedia | 1 Flash Player | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter. |
| CVE-1999-0336 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in mstm in HP-UX allows local users to gain root access. |
| CVE-2001-1341 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Embedded-webserver | 2025-04-03 | 5.0 MEDIUM | N/A | The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program. |
| CVE-1999-0351 | 1 Ftp | 1 Ftp Pasv | 2025-04-03 | 6.4 MEDIUM | N/A | FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client. |
| CVE-2000-0267 | 1 Cisco | 1 Catos | 2025-04-03 | 4.6 MEDIUM | N/A | Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. |
| CVE-2005-4454 | 1 Livejournal | 1 Livejournal | 2025-04-03 | 4.3 MEDIUM | N/A | Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets. |
| CVE-2001-0080 | 1 Cisco | 3 Catalyst 4000, Catalyst 5000, Catalyst 6000 | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error. |
| CVE-2003-0021 | 1 Michael Jennings | 1 Eterm | 2025-04-03 | 5.0 MEDIUM | N/A | The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence. |
| CVE-2006-1009 | 1 M4 Project | 1 Enigma-suite | 2025-04-03 | 4.6 MEDIUM | N/A | M4 Project enigma-suite before 0.73.3 (Windows) has a default password of "nominal" for the "enigma-client" account, which allows local users to gain access. |
| CVE-2002-0324 | 1 Noah Gray | 1 Graymatter | 2025-04-03 | 7.5 HIGH | N/A | Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a "Clear And Exit" action. |
| CVE-2005-2764 | 1 Openttd | 1 Openttd | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. |