Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4441 | 1 Pvlan Protocol | 1 Pvlan Protocol | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The PVLAN protocol allows remote attackers to bypass network segmentation and spoof PVLAN traffic via a PVLAN message with a target MAC address that is set to a gateway router, which causes the packet to be sent to the router, where the source MAC is modified, aka "Modification of the MAC spoofing PVLAN jumping attack," as demonstrated by pvlan.c.
|
|||||
| CVE-2005-0872 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter.
|
|||||
| CVE-2006-2741 | 1 Epic Designs | 1 Tinybb | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allow remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors.
|
|||||
| CVE-2004-0470 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
|
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.
|
|||||
| CVE-2000-0661 | 1 Wircsrv | 1 Irc Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port.
|
|||||
| CVE-2003-0152 | 1 Mozilla | 1 Bonsai | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.
|
|||||
| CVE-2005-3438 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager.
|
|||||
| CVE-2001-1198 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.
|
|||||
| CVE-2005-3999 | 1 Sitebeater | 1 Sitebeater Mp3 Catalog | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
|||||
| CVE-2005-3372 | 1 Broadcom | 1 Etrust Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
|
|||||
| CVE-2006-4584 | 1 Tr Forum | 1 Tr Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.
|
|||||
| CVE-1999-1031 | 1 Behold Software | 1 Web Page Counter | 2025-04-03 | 5.0 MEDIUM | N/A |
|
counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via a long argument.
|
|||||
| CVE-2001-0107 | 1 Symantec Veritas | 1 Backup | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang.
|
|||||
| CVE-2006-2870 | 1 Intelligent Solutions | 1 Asp Discussion Forum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc. ASP Discussion Forum allows remote attackers to inject arbitrary web script or HTML via the search variable.
|
|||||
| CVE-1999-0286 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages.
|
|||||
| CVE-2002-1281 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.
|
|||||
| CVE-2004-1286 | 1 Napshare | 1 Napshare | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response.
|
|||||
| CVE-2005-1406 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.
|
|||||
| CVE-2006-3089 | 1 Phpmyfactures | 1 Phpmyfactures | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) prefixe_dossier parameter in (a) /inc/header.php; (2) msg parameter in (b) /remises/ajouter_remise.php, (c) /tva/ajouter_tva.php, (d) /stocks/ajouter.php, (e) /pays/ajouter_pays.php, (f) /produits/ajouter_cat.php, (g) /produits/ajouter_produit.php and (h) /produits/modifier_cat.php; (3) tire parameter in /remises/ajouter ...
Show More |
|||||
| CVE-2005-1549 | 1 Colored Scripts | 1 Easy Message Board | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in easymsgb.pl in Easy Message Board allows remote attackers to read arbitrary files via a .. (dot dot) in the print parameter.
|
|||||
| CVE-2005-1313 | 1 Horde | 1 Passwd | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
|
|||||
| CVE-2006-2133 | 1 Boonex | 1 Barracuda | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly involving the link_edit functionality.
|
|||||
| CVE-2006-1565 | 1 Debian | 1 Debian Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.
|
|||||
| CVE-2002-1655 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request.
|
|||||
| CVE-2006-4043 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
|
|||||
| CVE-2006-4721 | 1 Ccleague | 1 Pro Sports Cms | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file.
|
|||||
| CVE-2004-0659 | 1 Mplayer | 1 Mplayer | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name.
|
|||||
| CVE-2005-3587 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 10.0 HIGH | N/A |
|
Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors.
|
|||||
| CVE-2006-4144 | 1 Imagemagick | 1 Imagemagick | 2025-04-03 | 2.6 LOW | N/A |
|
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.
|
|||||
| CVE-2004-1979 | 1 Props | 1 Props | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter.
|
|||||
| CVE-2003-1050 | 1 Ibm | 1 Db2 | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
|
|||||
| CVE-2005-2226 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
|
|||||
| CVE-2005-2584 | 1 Mentor | 1 Adslfr4ii | 2025-04-03 | 7.2 HIGH | N/A |
|
The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access.
|
|||||
| CVE-2005-3954 | 1 Blogbuddies | 1 Blogbuddies | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php.
|
|||||
| CVE-2000-1015 | 1 Open Source Development Network | 1 Slashcode | 2025-04-03 | 7.5 HIGH | N/A |
|
The default configuration of Slashcode before version 2.0 Alpha has a default administrative password, which allows remote attackers to gain Slashcode privileges and possibly execute arbitrary commands.
|
|||||
| CVE-2006-0580 | 1 Ibm | 1 Lotus Domino Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP).
|
|||||
| CVE-2006-0406 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters.
|
|||||
| CVE-2005-3580 | 1 Qdbm | 1 Qdbm | 2025-04-03 | 7.2 HIGH | N/A |
|
QDBM before 1.8.33-r2 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
|
|||||
| CVE-2005-4735 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 6.8 MEDIUM | N/A |
|
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817.
|
|||||
| CVE-2004-0074 | 1 Michael Bischoff | 1 Xsok | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949.
|
|||||