Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1358 | 1 Sun | 1 Solaris | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
|
|||||
| CVE-2003-0661 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
|
|||||
| CVE-2004-2035 | 1 Minishare | 1 Minimal Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
MiniShare 1.3.2 allows remote attackers to cause a denial of service (crash) via a malformed HTTP GET or HEAD request without the proper number of trailing CRLF sequences.
|
|||||
| CVE-2000-0732 | 1 Jeremy Arnold | 1 Worm Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Worm HTTP server allows remote attackers to cause a denial of service via a long URL.
|
|||||
| CVE-2005-2869 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
|
|||||
| CVE-2000-1009 | 2 Redhat, Trustix | 2 Linux, Secure Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
|
|||||
| CVE-2004-1416 | 2 Microsoft, Realnetworks | 2 Internet Explorer, Realone Player | 2025-04-03 | 5.1 MEDIUM | N/A |
|
pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag.
|
|||||
| CVE-2004-1443 | 1 Horde | 1 Imp | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
|
|||||
| CVE-2006-0505 | 1 Zbattle.net | 1 Zbattle Client | 2025-04-03 | 5.0 MEDIUM | N/A |
|
zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to cause an unspecified denial of service by rapidly creating and closing a game.
|
|||||
| CVE-2003-1257 | 1 E-theni | 1 E-theni | 2025-04-03 | 5.0 MEDIUM | N/A |
|
find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo.
|
|||||
| CVE-2003-0560 | 1 Virtual Programming | 1 Vp-asp | 2025-04-03 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
|
|||||
| CVE-1999-0564 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled.
|
|||||
| CVE-2006-4368 | 1 Integramod | 1 Integramod Portal | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2006-1800 | 1 Simplemedia | 1 Simplebbs | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by by injecting the code into the gl_session cookie of users.php, which is stored in error.log.
|
|||||
| CVE-2005-1206 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
|
|||||
| CVE-2002-0337 | 1 Realnetworks | 1 Realplayer | 2025-04-03 | 5.4 MEDIUM | N/A |
|
RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files.
|
|||||
| CVE-2004-2353 | 1 Incogen | 1 Bugport | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2000-1085 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
|
|||||
| CVE-2002-1624 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters.
|
|||||
| CVE-2006-1287 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer.
|
|||||
| CVE-2005-3270 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file.
|
|||||
| CVE-2006-3407 | 1 Tor | 1 Tor | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters.
|
|||||
| CVE-2002-1465 | 1 Cafelog | 1 B2 | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.
|
|||||
| CVE-2006-3347 | 1 Devilz Clanportal | 1 Devilz Clanportal | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP 1.3.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2000-1166 | 1 Twig Development Team | 1 Twig | 2025-04-03 | 7.5 HIGH | N/A |
|
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.
|
|||||
| CVE-2003-0530 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2006-3825 | 1 Sun | 1 Solaris | 2025-04-03 | 2.1 LOW | N/A |
|
The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.
|
|||||
| CVE-2005-0273 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.
|
|||||
| CVE-2006-3001 | 1 Okscripts | 1 Okmall | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message.
|
|||||
| CVE-2006-3903 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 5.8 MEDIUM | N/A |
|
CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.
|
|||||
| CVE-2005-0375 | 1 Sergey Kiselev | 1 Sgallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
imageview.php in SGallery 1.01 allows remote attackers to obtain sensitive information via an HTTP request with (1) idalbum and (2) idimage unset, which reveals the installation path in an error message for the sql_fetch_row function.
|
|||||
| CVE-2006-1284 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks.
|
|||||
| CVE-1999-1150 | 1 Livingston Portmaster | 1 Portmaster | 2025-04-03 | 7.5 HIGH | N/A |
|
Livingston Portmaster routers running ComOS use the same initial sequence number (ISN) for TCP connections, which allows remote attackers to conduct spoofing and hijack TCP sessions.
|
|||||
| CVE-2000-1160 | 1 Network Associates | 1 Sniffer Agent | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large number of login requests.
|
|||||
| CVE-2005-4240 | 1 Vcd-db | 1 Vcd-db | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter.
|
|||||
| CVE-1999-0989 | 1 Microsoft | 1 Ie | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.
|
|||||
| CVE-2005-3479 | 1 Ringtail | 1 Casebook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in login.asp in Ringtail CaseBook 6.1.0 allows remote attackers to inject arbitrary web script or HTML via the users parameter.
|
|||||
| CVE-1999-0862 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 2.1 LOW | N/A |
|
Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file.
|
|||||
| CVE-2001-0773 | 1 Cayman | 1 3220-h Dsl Router | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial of service (crash) via a series of SYN or TCP connect requests.
|
|||||
| CVE-1999-1198 | 1 Next | 1 Next | 2025-04-03 | 7.2 HIGH | N/A |
|
BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.
|
|||||