Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0470 | 3 Gentoo, Suse, Wpa Supplicant | 3 Linux, Suse Linux, Wpa Supplicant | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
|
|||||
| CVE-2005-3001 | 1 Sun | 1 Solaris | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
|
|||||
| CVE-2005-4249 | 1 Adp | 1 Adp Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory.
|
|||||
| CVE-2001-1184 | 1 Denicomp | 1 Winsock Rshd Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024.
|
|||||
| CVE-2003-1127 | 1 Whale Communications | 1 E-gap | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor.
|
|||||
| CVE-2005-3138 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set.
|
|||||
| CVE-2003-0226 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.
|
|||||
| CVE-2001-0119 | 3 Immunix, Mandrakesoft, Redhat | 3 Immunix, Mandrake Linux, Linux | 2025-04-03 | 1.2 LOW | N/A |
|
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2004-1744 | 1 Efs Software | 1 Efs Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests.
|
|||||
| CVE-2001-0386 | 1 Analogx | 1 Simpleserver Www | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
|
|||||
| CVE-2003-0553 | 1 Netscape | 1 Navigator | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
|
|||||
| CVE-2004-2433 | 3 Altnet, Grokster, Kazaa | 3 Altnet Download Manager, Grokster, Kazaa Media Desktop | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the IsValidFile function in the ADM ActiveX control for Altnet Download Manager 4.0.0.4 and earlier, as used in Kazaa Media Desktop 1.3 through 2.6.4 and Grokkster 1.3 through 2.6, allows remote attackers to execute arbitrary code via a long bstrFilepath parameter.
|
|||||
| CVE-1999-0809 | 1 Netscape | 1 Communicator | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".
|
|||||
| CVE-2006-2087 | 1 Hitachi | 4 Groupmax Integrated Desktop, Groupmax Mail, Groupmax World Wide Web and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename.
|
|||||
| CVE-2001-0692 | 1 Watchguard | 2 Firebox 2500, Firebox 4500 | 2025-04-03 | 7.5 HIGH | N/A |
|
SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes.
|
|||||
| CVE-2005-0215 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.
|
|||||
| CVE-2006-4455 | 1 Xchat | 1 Xchat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version"
|
|||||
| CVE-2005-0382 | 1 Breed | 1 Breed | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Breed patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via an empty UDP packet, which triggers a null dereference.
|
|||||
| CVE-2002-1765 | 1 Ximian | 1 Evolution | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service (memory consumption and crash) via an email with a malformed MIME header.
|
|||||
| CVE-2006-0579 | 1 Mplayer | 1 Mplayer | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
|
|||||
| CVE-2006-0171 | 1 Orjinweb | 1 Orjinweb E-commerce | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE.
|
|||||
| CVE-2004-1893 | 1 Macromedia | 2 Dreamweaver, Dreamweaver Ultradev | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp.
|
|||||
| CVE-2006-2569 | 2 4r Linklist, Woltlab | 2 4r Linklist, Burning Board | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2003-1175 | 1 Synthetic Reality | 1 Sympoll | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter.
|
|||||
| CVE-2004-2482 | 1 Microsoft | 1 Outlook | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
|
|||||
| CVE-2006-1428 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.
|
|||||
| CVE-2002-1473 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
|
|||||
| CVE-2004-1739 | 1 Bird Chat | 1 Internet Chat Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.
|
|||||
| CVE-2006-3182 | 1 Mobescripts | 1 Mobile Space Community | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the uid parameter in the rss page.
|
|||||
| CVE-2004-2232 | 1 Moodle | 1 Moodle | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements.
|
|||||
| CVE-2006-3111 | 1 Chipmailer | 1 Chipmailer | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr.
|
|||||
| CVE-2005-4756 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
|
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.
|
|||||
| CVE-2002-1134 | 1 Hp | 1 Webes Service Tools | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files.
|
|||||
| CVE-2005-3426 | 1 Cisco | 1 Content Services Switch 11500 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation.
|
|||||
| CVE-2001-0377 | 1 Infradig | 1 Inframail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string.
|
|||||
| CVE-2000-0843 | 2 Dave Airlie, Luke Kenneth Casson Leighton | 2 Pam Smb, Pam Ntdom | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allow remote attackers to execute arbitrary commands via a login with a long user name.
|
|||||
| CVE-2005-1580 | 1 Boastmachine | 1 Boastmachine | 2025-04-03 | 7.5 HIGH | N/A |
|
users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2000-0222 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 10.0 HIGH | N/A |
|
The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.
|
|||||
| CVE-2001-1335 | 1 Aclogic | 1 Cesarftp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot).
|
|||||
| CVE-2000-0176 | 1 Cat Soft | 1 Serv-u | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.
|
|||||