Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3964 | 1 Integrated Computer Solutions | 1 Openmotif | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.
|
|||||
| CVE-2000-0977 | 1 Oatmeal Studios | 1 Mail File | 2025-04-03 | 5.0 MEDIUM | N/A |
|
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.
|
|||||
| CVE-2005-1603 | 1 Niteenterprises | 1 Remote File Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NiteEnterprises Remote File Manager 1.0 allows remote attackers to cause a denial of service (crash) via a crafted string to TCP port 7080.
|
|||||
| CVE-2000-1030 | 1 Csandt | 1 Corporatetime For The Web | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server.
|
|||||
| CVE-2004-0264 | 2 Jim Rees, Shaun2k2 | 2 Jim Rees Httpd, Palmhttpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
palmhttpd for PalmOS allows remote attackers to cause a denial of service (crash) by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue.
|
|||||
| CVE-2005-0175 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.
|
|||||
| CVE-2002-2126 | 1 Pedestal Software | 1 Integrity Protection Driver | 2025-04-03 | 2.1 LOW | N/A |
|
restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time.
|
|||||
| CVE-2006-1690 | 1 Manic Web | 1 Mwnewsletter | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter.
|
|||||
| CVE-2005-1723 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions.
|
|||||
| CVE-2006-2801 | 1 Unak | 1 Unak Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters.
|
|||||
| CVE-2005-3459 | 1 Oracle | 2 Clinical, E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical.
|
|||||
| CVE-2000-0700 | 1 Cisco | 4 Gigabit Switch Router 12008, Gigabit Switch Router 12012, Gigabit Switch Router 12016 and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.
|
|||||
| CVE-2002-0115 | 1 Martin Roesch | 1 Snort | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet.
|
|||||
| CVE-2005-4408 | 1 Pc Media | 1 Miraserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem.php, and (3) cat parameter to article.php.
|
|||||
| CVE-2006-1211 | 1 Micromuse | 1 Netcool Neusecure | 2025-04-03 | 7.5 HIGH | N/A |
|
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.
|
|||||
| CVE-2005-3020 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php.
|
|||||
| CVE-1999-1546 | 1 Ibm | 1 Navio Nc Browser | 2025-04-03 | 5.0 MEDIUM | N/A |
|
netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable.
|
|||||
| CVE-2003-0037 | 1 Noffle | 1 Noffle | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code.
|
|||||
| CVE-2006-2835 | 1 Arabless | 1 Saphplesson | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php.
|
|||||
| CVE-2000-1097 | 1 Sonicwall | 1 Soho Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.
|
|||||
| CVE-2002-1781 | 1 Delegate | 1 Delegate | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy.
|
|||||
| CVE-2005-3067 | 1 Scriptsolutions | 1 Perldiver | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver 2.x allows remote attackers to inject arbitrary web script or HTML via the module parameter.
|
|||||
| CVE-2006-4031 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 2.1 LOW | N/A |
|
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
|
|||||
| CVE-2005-1115 | 2 Phpbb Group, Smartor | 2 Phpbb, Photo Album | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php.
|
|||||
| CVE-2006-1390 | 1 Gentoo | 1 Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.
|
|||||
| CVE-2006-1809 | 1 Lifetype | 1 Lifetype | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which reveals the path in an error message.
|
|||||
| CVE-2004-1450 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
|
|||||
| CVE-2006-2458 | 1 Libextractor | 1 Libextractor | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
|
|||||
| CVE-2005-0992 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
|
|||||
| CVE-1999-1250 | 1 Blue World Communications | 1 Lasso Cgi | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote attackers to read arbitrary files.
|
|||||
| CVE-2006-2412 | 1 Raydium | 1 Raydium | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a large ID, which causes an invalid memory access (buffer over-read).
|
|||||
| CVE-2005-4064 | 1 Alan Ward | 1 A-faq | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp.
|
|||||
| CVE-2005-1296 | 1 Include.cgi | 1 Include.cgi | 2025-04-03 | 7.5 HIGH | N/A |
|
include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
|
|||||
| CVE-2001-0587 | 1 Sco | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A |
|
deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
|
|||||
| CVE-2006-0709 | 1 Metamail Corporation | 1 Metamail | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105.
|
|||||
| CVE-2006-1914 | 1 Dbbs | 1 Dbbs | 2025-04-03 | 5.0 MEDIUM | N/A |
|
DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) _SERVER[] parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue.
|
|||||
| CVE-2001-1287 | 1 Ipswitch | 1 Imail | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
|
|||||
| CVE-2000-0861 | 1 Gnu | 1 Mailman | 2025-04-03 | 7.2 HIGH | N/A |
|
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
|
|||||
| CVE-2004-1391 | 1 Qnx | 2 Rtos, Rtp | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program.
|
|||||
| CVE-2005-2045 | 1 Duware | 1 Duportal Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp.
|
|||||