Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0544 | 1 Microsoft | 1 Ie | 2025-04-03 | 7.5 HIGH | N/A |
|
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
|
|||||
| CVE-2003-0489 | 1 Michael C. Toren | 1 Tcptraceroute | 2025-04-03 | 7.2 HIGH | N/A |
|
tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute.
|
|||||
| CVE-2000-0779 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 7.5 HIGH | N/A |
|
Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.
|
|||||
| CVE-2001-0817 | 1 Hp | 1 Hp-ux | 2025-04-03 | 10.0 HIGH | N/A |
|
Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.
|
|||||
| CVE-2005-2383 | 1 Phpnews | 1 Phpnews | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the user parameter in an HTTP POST request.
|
|||||
| CVE-2005-0452 | 1 Microsoft | 1 Asp.net | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
|
|||||
| CVE-2004-0295 | 1 Transsoft | 1 Broker Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a denial of service (CPU consumption) via an open idle connection.
|
|||||
| CVE-2000-0877 | 1 Ranson Johnson | 1 Mailform | 2025-04-03 | 5.0 MEDIUM | N/A |
|
mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.
|
|||||
| CVE-2001-0470 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name.
|
|||||
| CVE-2006-0803 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
|
|||||
| CVE-1999-1202 | 1 Startech | 2 Pop3 Proxy Server, Telnet Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
StarTech (1) POP3 proxy server and (2) telnet server allows remote attackers to cause a denial of service via a long USER command.
|
|||||
| CVE-2006-2885 | 1 Knowledgetree | 1 Knowledgetree | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php.
|
|||||
| CVE-2006-3154 | 1 Thinkfactory | 1 Ultimate Estate | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2004-2573 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter.
|
|||||
| CVE-2005-4822 | 1 Digger Solutions | 1 Intranet Open Source | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in projects/project-edit.asp in Digger Solutions Intranet Open Source (IOS) version 2.7.2 allows remote attackers to execute arbitrary SQL commands via the project_id parameter.
|
|||||
| CVE-2001-1019 | 1 Seaglass Technologies Inc. | 1 Sglmerchant | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter.
|
|||||
| CVE-1999-0145 | 1 Eric Allman | 1 Sendmail | 2025-04-03 | 7.2 HIGH | N/A |
|
Sendmail WIZ command enabled, allowing root access.
|
|||||
| CVE-2001-0255 | 1 Fastream | 2 Fastream Ftp\+\+ Server, Fastream Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name (e.g. C:) in the requested pathname.
|
|||||
| CVE-2002-0946 | 1 Seanox | 1 Devwex | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\ (dot dot) sequences in an HTTP request.
|
|||||
| CVE-2001-0408 | 1 Vim Development Group | 1 Vim | 2025-04-03 | 5.1 MEDIUM | N/A |
|
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.
|
|||||
| CVE-2000-1115 | 1 Software602 | 1 602pro Lan Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
|
|||||
| CVE-2006-0935 | 1 Microsoft | 1 Word | 2025-04-03 | 2.6 LOW | N/A |
|
Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
|
|||||
| CVE-2002-1107 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing.
|
|||||
| CVE-2006-2146 | 1 Harold Bakker | 1 Hb-ns | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameter.
|
|||||
| CVE-2006-3585 | 1 Jetbox | 1 Jetbox Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search.
|
|||||
| CVE-2002-0052 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.
|
|||||
| CVE-2002-0312 | 1 Essen | 1 Essentia Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Essentia Web Server 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
|
|||||
| CVE-2006-0297 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.
|
|||||
| CVE-2006-3283 | 1 Datetopia | 1 Dating Agent Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php.
|
|||||
| CVE-1999-0393 | 1 Eric Allman | 1 Sendmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.
|
|||||
| CVE-1999-1266 | 1 Metamail Corporation | 1 Metamail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
rsh daemon (rshd) generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system.
|
|||||
| CVE-2000-0326 | 1 On Technology | 1 Meeting Maker | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Meeting Maker uses weak encryption (a polyalphabetic substitution cipher) for passwords, which allows remote attackers to sniff and decrypt passwords for Meeting Maker accounts.
|
|||||
| CVE-2005-2453 | 1 Networkactiv | 1 Networkactiv Web Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string.
|
|||||
| CVE-1999-0820 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.
|
|||||
| CVE-1999-1435 | 1 Nec | 1 Socks 5 | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows local users to gain privileges via long environmental variables.
|
|||||
| CVE-2002-1840 | 1 Irssi | 1 Irssi | 2025-04-03 | 10.0 HIGH | N/A |
|
irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system.
|
|||||
| CVE-2006-4894 | 1 Idevspot | 1 Nixieaffiliate | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
|
|||||
| CVE-2006-2655 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions.
|
|||||
| CVE-2006-4079 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field).
|
|||||
| CVE-2002-1378 | 1 Openldap | 1 Openldap | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests.
|
|||||