Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0106 | 1 Hp | 1 Hp-ux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server.
|
|||||
| CVE-2006-4619 | 1 Avira | 1 Antivir Personal | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The start update window in update.exe in Avira AntiVir PersonalEdition Classic 7.0 build 151 allows local users to gain system privileges via a "Shatter" style attack on the (1) IParam parameter, and the (2) PBM_GETRANGE and (3) PBM_SETRANGE messages in an unspecified progress bar. NOTE: some details are obtained from third party information.
|
|||||
| CVE-1999-0724 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.
|
|||||
| CVE-2001-0720 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.
|
|||||
| CVE-2004-1633 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.
|
|||||
| CVE-2002-1823 | 1 Lonerunner | 1 Zeroo Http Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request.
|
|||||
| CVE-2005-0867 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
|
Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel memory by writing to a sysfs file.
|
|||||
| CVE-2005-2521 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2006-2459 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.
|
|||||
| CVE-2001-0717 | 1 Tooltalk | 1 Tooltalk Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function.
|
|||||
| CVE-2004-0835 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2025-04-03 | 7.5 HIGH | N/A |
|
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
|
|||||
| CVE-2002-1879 | 1 Lokwa | 1 Lokwabb | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php.
|
|||||
| CVE-2006-4920 | 1 Siteatschool | 1 Siteatschool | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php.
|
|||||
| CVE-2004-0248 | 1 Phpx | 1 Phpx | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum.
|
|||||
| CVE-2005-0156 | 7 Ibm, Larry Wall, Redhat and 4 more | 9 Aix, Perl, Enterprise Linux and 6 more | 2025-04-03 | 2.1 LOW | N/A |
|
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
|
|||||
| CVE-2002-0386 | 1 Oracle | 1 Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.
|
|||||
| CVE-1999-1215 | 1 Novell | 1 Netware | 2025-04-03 | 4.6 MEDIUM | N/A |
|
LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.
|
|||||
| CVE-2006-0492 | 1 Vincent Hor | 1 Calendarix | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865.
|
|||||
| CVE-2005-2252 | 1 Gianluca Baldo | 1 Phpauction | 2025-04-03 | 7.5 HIGH | N/A |
|
PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.
|
|||||
| CVE-2005-3980 | 1 Edgewall Software | 1 Trac | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter.
|
|||||
| CVE-2001-0563 | 1 Electrosoft | 1 Electrocomm | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23.
|
|||||
| CVE-2003-1165 | 1 Brs | 1 Webweaver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.
|
|||||
| CVE-2003-0165 | 1 Gnome | 1 Eog | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.
|
|||||
| CVE-2005-2780 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature.
|
|||||
| CVE-2005-4679 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
|
|||||
| CVE-2005-2646 | 1 Xerox | 20 Document Centre 220, Document Centre 230, Document Centre 240 and 17 more | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests.
|
|||||
| CVE-2004-2403 | 1 Yabb | 1 Yabb | 2025-04-03 | 10.0 HIGH | N/A |
|
Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.
|
|||||
| CVE-2006-4192 | 1 Modplug | 1 Tracker | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
|
|||||
| CVE-2005-3956 | 1 Dmanews | 1 Dmanews | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action.
|
|||||
| CVE-2006-3075 | 1 Picturedis | 2 Picturedis Photoalbum, Picturedis Professional | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php.
|
|||||
| CVE-2005-1220 | 1 Knusperleicht | 1 Shoutbox Script | 2025-04-03 | 7.5 HIGH | N/A |
|
Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes.
|
|||||
| CVE-2002-0827 | 1 Caldera | 2 Openunix, Unixware | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to gain root privileges via (1) ppptalk or (2) ppp, a different vulnerability than CVE-2002-0824.
|
|||||
| CVE-2003-1318 | 1 Twilight Utilities | 1 Twilight Webserver | 2025-04-03 | 7.8 HIGH | N/A |
|
Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376.
|
|||||
| CVE-2006-1885 | 1 Oracle | 1 Enterprise Manager | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02.
|
|||||
| CVE-2006-1219 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
|
|||||
| CVE-2004-0237 | 1 Aprox Portal | 1 Aprox Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.
|
|||||
| CVE-2002-0723 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."
|
|||||
| CVE-2005-3167 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
|
|||||
| CVE-2006-1901 | 1 Mozilla | 1 Camino | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might be the same issue as CVE-2006-1724.
|
|||||
| CVE-2004-0891 | 4 Gentoo, Rob Flynn, Slackware and 1 more | 4 Linux, Gaim, Slackware Linux and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
|
|||||