Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2532 | 1 Openvpn | 1 Openvpn | 2025-04-03 | 5.0 MEDIUM | N/A |
| OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted. |
| CVE-2006-1117 | 1 Ncipher | 8 Dse200 Document Sealing Engine, Ncore, Nethsm and 5 more | 2025-04-03 | 2.6 LOW | N/A |
| nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force. |
| CVE-2006-1240 | 1 Firebirdsql | 1 Firebird | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument. |
| CVE-2003-0702 | 1 Iss | 1 Realsecure Server Sensor | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code in Internet Information Server (IIS) via a certain URL through SSL. |
| CVE-2005-3373 | 1 Dr.web | 1 Dr.web Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." |
| CVE-2004-2358 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2001-0805 | 1 Tarantella | 1 Tarantella Enterprise | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter. |
| CVE-2005-3654 | 1 Bluecoat | 1 Webproxy | 2025-04-03 | 7.5 HIGH | N/A |
| Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the heap. |
| CVE-2003-0933 | 1 Conquest | 1 Conquest | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable. |
| CVE-2004-0306 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories. |
| CVE-2004-2522 | 1 Geeos Team | 1 Gattaca Server 2003 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server 2003 1.1.10.0 allows remote attackers to inject arbitrary web script or HTML via the (1) template or (2) language parameter. |
| CVE-2005-3643 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 7.5 HIGH | N/A |
| IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password. |
| CVE-1999-1220 | 1 Great Circle Associates | 1 Majordomo | 2025-04-03 | 7.5 HIGH | N/A |
| Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header. |
| CVE-2003-0944 | 1 Sap | 1 Sap Db | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI. |
| CVE-2006-4206 | 1 Aspplayground.net | 1 Aspplayground.net | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter. |
| CVE-2006-2692 | 1 Amule | 1 Amule | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal. |
| CVE-1999-1190 | 1 Admiral Systems | 1 Emailclub | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long "From" header in an e-mail message. |
| CVE-2004-2640 | 1 Ryszard Pydo | 1 Linuxstat | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter. |
| CVE-2003-0601 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
| Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved. |
| CVE-2003-0718 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
| The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. |
| CVE-2005-4467 | 1 Phpgedview | 1 Phpgedview | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the PGV_BASE_DIRECTORY parameter. |
| CVE-2006-2059 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 5.0 MEDIUM | N/A |
| action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier. |
| CVE-2006-2396 | 1 Phpodp | 1 Phpodp | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote attackers to inject arbitrary web script via the browse parameter. |
| CVE-2004-2133 | 1 Cvsup | 1 Cvsup | 2025-04-03 | 4.6 MEDIUM | N/A |
| Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages. |
| CVE-2003-0490 | 1 Dantz | 1 Retrospect Client | 2025-04-03 | 7.2 HIGH | N/A |
| The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code. |
| CVE-2003-0544 | 1 Openssl | 1 Openssl | 2025-04-03 | 5.0 MEDIUM | N/A |
| OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. |
| CVE-2003-1317 | 1 Endonesia | 1 Endonesia | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2002-0207 | 1 Realnetworks | 2 Realone Player, Realplayer Intranet | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header. |
| CVE-2006-0997 | 1 Novell | 2 Netware, Open Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic. |
| CVE-2006-0448 | 1 E-post Corporation | 2 Mail Server, Spa-pro Mail Atsolomon | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands. |
| CVE-2001-0894 | 1 Wietse Venema | 1 Postfix | 2025-04-03 | 5.0 MEDIUM | N/A |
| Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large. |
| CVE-2005-2299 | 1 Man And Machine Ltd. | 1 Simple Message Board | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Simple Message Board Version 2.0 Beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) FID parameter to forum.cfm, (2) UID parameter to user.cfm, (3) TID parameter to thread.cfm, or (4) PostDate parameter to search.cfm. |
| CVE-2002-0577 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A |
| Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users to corrupt the password file and cause a denial of service. |
| CVE-2004-2510 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter. |
| CVE-2005-2576 | 1 Calogic | 1 Calogic | 2025-04-03 | 5.0 MEDIUM | N/A |
| CaLogic 1.22, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) doclsqlres.php, (2) clmcpreload.php, (3) viewhistlog.php, (4) mcconfig.php, (5) doclsqlbak.php, (6) defcalsel.php, or (7) cl_minical.php, which reveals the path in an error message. |
| CVE-2000-0767 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability. |
| CVE-2005-3679 | 1 Activecampaign | 1 1-2-all Broadcast Email | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel. |
| CVE-2003-0343 | 1 Selom Ofori | 1 Blackmoon Ftp Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks. |
| CVE-2002-1572 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 10.0 HIGH | N/A |
| Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors. |
| CVE-2003-0613 | 1 Zblast | 1 Zblast | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file. |