Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2677 | 1 Acnews | 1 Acnews | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server.
|
|||||
| CVE-2002-1129 | 2 Compaq, Digital | 2 Tru64, Osf 1 | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in dxterm allows local users to execute arbitrary code via a long -xrm argument.
|
|||||
| CVE-2005-2743 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-03 | 7.5 HIGH | N/A |
|
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
|
|||||
| CVE-1999-0810 | 1 Samba | 1 Samba | 2025-04-03 | 10.0 HIGH | N/A |
|
Denial of service in Samba NETBIOS name service daemon (nmbd).
|
|||||
| CVE-2005-0249 | 1 Symantec | 11 Antivirus Scan Engine, Brightmail Antispam, Client Security and 8 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.
|
|||||
| CVE-2005-3234 | 1 Grisoft | 1 Avg Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple interpretation error in unspecified versions of Grisoft AVG Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
|
|||||
| CVE-2006-1488 | 1 Activecampaign | 1 Supporttrio | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) print parameters in a kb action to index.php, or (3) an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message.
|
|||||
| CVE-2006-1141 | 1 Inter7 | 1 Qmailadmin | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable.
|
|||||
| CVE-2004-0942 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
|
|||||
| CVE-2006-0107 | 1 Idea Development Id Oy | 1 Timecan Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0108.
|
|||||
| CVE-2004-0554 | 6 Avaya, Conectiva, Gentoo and 3 more | 18 Converged Communications Server, Intuity Audix, Modular Messaging Message Storage Server and 15 more | 2025-04-03 | 2.1 LOW | N/A |
|
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
|
|||||
| CVE-2002-1880 | 1 Lokwa | 1 Lokwabb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php.
|
|||||
| CVE-1999-0485 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 2.6 LOW | N/A |
|
Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.
|
|||||
| CVE-1999-0264 | 1 Miva | 1 Htmlscript | 2025-04-03 | 5.0 MEDIUM | N/A |
|
htmlscript CGI program allows remote read access to files.
|
|||||
| CVE-2004-0613 | 1 Osticket | 1 Osticket Sts | 2025-04-03 | 7.5 HIGH | N/A |
|
osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.
|
|||||
| CVE-2003-0319 | 1 Smartmax Software | 1 Mailmax | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0.10.8 and earlier allows remote authenticated users to execute arbitrary code via a long SELECT command.
|
|||||
| CVE-2002-0374 | 1 Padl Software | 1 Pam Ldap | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.
|
|||||
| CVE-2000-1208 | 4 Immunix, Netbsd, Openbsd and 1 more | 4 Immunix, Netbsd, Openbsd and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
|
|||||
| CVE-2005-0730 | 1 Py Software | 1 Active Webcam | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service via a request to a file on the floppy drive, as demonstrated using A:\a.txt.
|
|||||
| CVE-2004-2153 | 1 Real Estate Management Software | 1 Real Estate Management Software | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unknown vulnerabilities in Real Estate Management Software 1.0 have unknown impact and attack vectors.
|
|||||
| CVE-2004-2448 | 2 Cassiopeia, Itransact | 2 S-mart Shopping Cart, Redicart | 2025-04-03 | 5.0 MEDIUM | N/A |
|
S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the database name.
|
|||||
| CVE-2002-0304 | 1 Summit Computer Networks | 1 Lil Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request.
|
|||||
| CVE-2001-0274 | 1 Kicq | 1 Kicq | 2025-04-03 | 7.5 HIGH | N/A |
|
kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
|
|||||
| CVE-2005-3010 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 7.5 HIGH | N/A |
|
Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php.
|
|||||
| CVE-2006-4636 | 1 Szewo | 1 Phpcommander | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
|
|||||
| CVE-2005-2653 | 1 Bbcaffe | 1 Bbcaffe | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message.
|
|||||
| CVE-2002-2088 | 1 Mosix Project | 1 Clump Os | 2025-04-03 | 10.0 HIGH | N/A |
|
The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access.
|
|||||
| CVE-2005-1811 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile.
|
|||||
| CVE-1999-1263 | 1 Metamail Corporation | 1 Metamail | 2025-04-03 | 2.6 LOW | N/A |
|
Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.
|
|||||
| CVE-2006-0480 | 1 Spaiz | 1 Spaiz-nuke Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.
|
|||||
| CVE-2001-0571 | 1 Elron | 2 Im Anti Virus, Im Message Inspector | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL.
|
|||||
| CVE-2003-0154 | 1 Mozilla | 1 Bonsai | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.
|
|||||
| CVE-2006-4420 | 1 Phaos | 1 Phaos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter.
|
|||||
| CVE-2004-2467 | 1 Efs Software | 1 Easy Chat Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a large number of fake users, then eventually cause a denial of service (server crash).
|
|||||
| CVE-2003-0577 | 1 Mpg123 | 1 Mpg123 | 2025-04-03 | 7.5 HIGH | N/A |
|
mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.
|
|||||
| CVE-2005-0415 | 1 Ulrik Petersen | 1 Emdros Database Engine | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements.
|
|||||
| CVE-2002-0076 | 3 Hp, Microsoft, Sun | 5 Java Jre-jdk, Virtual Machine, Jdk and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
|
|||||
| CVE-2006-3828 | 1 Kailash Nadh | 1 Boastmachine | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by the product, which only checks for "insert," "delete," "update," and "replace."
|
|||||
| CVE-2005-3024 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergrou ...
|
|||||
| CVE-1999-1282 | 1 Realnetworks | 1 Realsystem G2 Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
RealSystem G2 server stores the administrator password in cleartext in a world-readable configuration file, which allows local users to gain privileges.
|
|||||