Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3503 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image.
|
|||||
| CVE-2002-1264 | 1 Oracle | 1 Oracle9i | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
|
|||||
| CVE-2005-2439 | 1 Usebb | 1 Usebb | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search function.
|
|||||
| CVE-2006-0702 | 1 Imagevue | 1 Imagevue | 2025-04-03 | 5.0 MEDIUM | N/A |
|
admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal.
|
|||||
| CVE-1999-0719 | 1 Gnu | 1 Gnumeric | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.
|
|||||
| CVE-2003-1196 | 1 Vienuke | 1 Vieboard | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
|
|||||
| CVE-2005-3204 | 1 Oracle | 2 Application Server, Oracle9i | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.
|
|||||
| CVE-2005-4461 | 1 Beehive Forum | 1 Beehive Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_sess parameter.
|
|||||
| CVE-2006-3039 | 1 Cescripts | 1 Realty Home Rent | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed."
|
|||||
| CVE-2006-3795 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php.
|
|||||
| CVE-2004-2047 | 1 Easyweb | 1 Easyweb Filemanager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter.
|
|||||
| CVE-2004-0347 | 1 Netscreen | 1 Netscreen-sa 5000 Series | 2025-04-03 | 6.0 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter.
|
|||||
| CVE-2006-1162 | 1 Nodez | 1 Nodez | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter.
|
|||||
| CVE-2006-0201 | 1 Paypal | 1 Php Toolkit | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.
|
|||||
| CVE-2005-3464 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE04.
|
|||||
| CVE-2006-0151 | 2 Todd Miller, Ubuntu | 2 Sudo, Ubuntu Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
|
|||||
| CVE-2005-2514 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code.
|
|||||
| CVE-2005-2808 | 1 Frox | 1 Frox | 2025-04-03 | 7.5 HIGH | N/A |
|
frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, which might allow attackers to bypass intended restrictions and access blocked hosts.
|
|||||
| CVE-2005-3175 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.2 HIGH | N/A |
|
Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
|
|||||
| CVE-2001-0683 | 1 Netscape | 1 Collabra Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service (memory exhaustion) by repeatedly sending approximately 5K of data to TCP port 5238.
|
|||||
| CVE-2001-1380 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.5 HIGH | N/A |
|
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.
|
|||||
| CVE-2001-0955 | 1 Xfree86 Project | 1 X11r6 | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
|
|||||
| CVE-2006-0393 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.0 MEDIUM | N/A |
|
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.
|
|||||
| CVE-2006-0190 | 1 Sun | 1 Solaris | 2025-04-03 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.
|
|||||
| CVE-2006-3512 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference.
|
|||||
| CVE-2006-0775 | 1 Ridder Roeland | 1 Birthsys | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error.
|
|||||
| CVE-2005-1014 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to execute arbitrary code via a long AUTHENTICATE command.
|
|||||
| CVE-2000-0016 | 1 True North | 1 Internet Anywhere Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service or execute commands via a long username.
|
|||||
| CVE-2001-0416 | 3 Debian, Immunix, Mandrakesoft | 3 Sgml-tools, Immunix, Mandrake Linux | 2025-04-03 | 2.1 LOW | N/A |
|
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
|
|||||
| CVE-2006-2184 | 1 Chadha Software Technologies | 1 Phpkb Knowledge Base | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all the mentioned issues and now the search section of PHPKB script is free from any XSS issues."
|
|||||
| CVE-2001-1088 | 1 Microsoft | 2 Outlook, Outlook Express | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
|
|||||
| CVE-2006-1233 | 1 Mikael Software | 1 Wmnews | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php.
|
|||||
| CVE-2004-1270 | 2 Easy Software Products, Redhat | 2 Cups, Fedora Core | 2025-04-03 | 2.1 LOW | N/A |
|
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.
|
|||||
| CVE-2002-1720 | 1 Outfront | 1 Spooky Login | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows remote attackers to bypass authentication and gain privileges via the password field.
|
|||||
| CVE-2000-0261 | 1 Avm | 1 Ken | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2002-2316 | 1 Cisco | 1 Catos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive network information by sniffing.
|
|||||
| CVE-2000-1195 | 1 Caldera | 2 Openlinux Edesktop, Openlinux Eserver | 2025-04-03 | 7.5 HIGH | N/A |
|
telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.
|
|||||
| CVE-1999-1516 | 1 Tenfour | 1 Tfs Gateway Smtp | 2025-04-03 | 7.5 HIGH | N/A |
|
A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows an attacker to crash the mail server and possibly execute arbitrary code by offering more than 128 bytes in a MAIL FROM string.
|
|||||
| CVE-2001-0351 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 2.1 LOW | N/A |
|
Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
|
|||||
| CVE-2004-1500 | 2 Freeform Interactive, Monolith Productions | 11 Purge Jihad, Alien Versus Predator, Blood and 8 more | 2025-04-03 | 2.1 LOW | N/A |
|
Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message.
|
|||||