Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1182 | 1 Mpm | 1 Mpm Guestbook | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
|
|||||
| CVE-2002-1385 | 1 Open Webmail | 1 Open Webmail | 2025-04-03 | 7.2 HIGH | N/A |
|
openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.
|
|||||
| CVE-2004-1237 | 3 Linux, Redhat, Suse | 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
|
|||||
| CVE-2000-0676 | 1 Netscape | 1 Communicator | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.
|
|||||
| CVE-2003-0554 | 1 Neomodus | 1 Direct Connect | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NeoModus Direct Connect 1.0 build 9, and possibly other versions, allows remote attackers to cause a denial of service (connection and possibly memory exhaustion) via a flood of ConnectToMe requests containing arbitrary IP addresses and ports.
|
|||||
| CVE-2000-0802 | 1 Pgp | 1 Personal Privacy | 2025-04-03 | 3.6 LOW | N/A |
|
The BAIR program does not properly restrict access to the Internet Explorer Internet options menu, which allows local users to obtain access to the menu by modifying the registry key that starts BAIR.
|
|||||
| CVE-2003-0671 | 1 Jeremy Elson | 1 Tcpflow | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.
|
|||||
| CVE-2006-0681 | 1 Power Daemon | 1 Power Daemon | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable.
|
|||||
| CVE-2002-0973 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.
|
|||||
| CVE-2006-2264 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro 1.00 allow remote attackers to execute arbitrary SQL commands via the (1) date parameter to admin/main.asp, (2) SearchFor parameter to admin/view.asp, or (3) ID parameter to admin/edit.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-2046 | 1 Application Dynamics | 1 Cartweaver Coldfusion | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
|
|||||
| CVE-2006-1332 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Noah's Classifieds 1.3 and earlier allows remote attackers to obtain sensitive information via an invalid list parameter in the showdetails method to index.php, which reveals the path in an error message.
|
|||||
| CVE-2004-2167 | 1 Latex2rtf | 1 Latex2rtf | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand.
|
|||||
| CVE-1999-1456 | 1 Thttpd | 1 Thttpd Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
|
|||||
| CVE-2005-2194 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing.
|
|||||
| CVE-2006-1483 | 1 Desiderata Software | 1 Blazix Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot), (2) space, and (3) slash characters in the extension of a URL.
|
|||||
| CVE-2005-0510 | 1 Fallback-reboot | 1 Fallback-reboot | 2025-04-03 | 2.1 LOW | N/A |
|
The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty.
|
|||||
| CVE-2006-4760 | 1 Benjamin Pasero And Tobias Eichert | 1 Rssowl | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
|
|||||
| CVE-2005-1142 | 1 Gocr | 1 Optical Character Recognition Utility | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0.40, when it is not using netpbm, allows remote attackers to execute arbitrary code via a P3 format PNM file with more data than implied by its width and height values.
|
|||||
| CVE-2006-3832 | 1 Gerrit Van Aaken | 1 Loudblog | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2003-0660 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
|
|||||
| CVE-2006-0610 | 1 2200net | 1 2200net Calendar | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php.
|
|||||
| CVE-2000-0414 | 1 Hp | 2 Hp-ux, Vvos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.
|
|||||
| CVE-2006-3606 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.
|
|||||
| CVE-2000-0781 | 1 Ca | 1 Arcserve Backup | 2025-04-03 | 7.2 HIGH | N/A |
|
uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.
|
|||||
| CVE-1999-0040 | 7 Bsdi, Freebsd, Hp and 4 more | 10 Bsd Os, Freebsd, Hp-ux and 7 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
|
|||||
| CVE-2006-3196 | 1 Singapore | 1 Singapore | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php in singapore 0.10.0 and earlier allows remote attackers to obtain the installation path via an invalid template parameter, which reveals the path in an error message.
|
|||||
| CVE-2001-0130 | 1 Lotus | 2 Domino R5 Client, Domino R5 Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier.
|
|||||
| CVE-2004-0032 | 1 Phpgedview | 1 Phpgedview | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.
|
|||||
| CVE-2001-1164 | 1 Caldera | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.
|
|||||
| CVE-2005-0376 | 1 Sergey Kiselev | 1 Sgallery | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php.
|
|||||
| CVE-2003-1001 | 1 Cisco | 9 Catalyst 6500, Catalyst 6500 Ws-svc-nam-1, Catalyst 6500 Ws-svc-nam-2 and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.
|
|||||
| CVE-1999-1311 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.
|
|||||
| CVE-2004-1579 | 1 Devellion | 1 Cubecart | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message.
|
|||||
| CVE-2006-1077 | 1 Evo-dev | 1 Evoblog | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters.
|
|||||
| CVE-2000-0406 | 1 Netscape | 1 Communicator | 2025-04-03 | 2.6 LOW | N/A |
|
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
|
|||||
| CVE-2006-4345 | 1 Digium | 1 Asterisk | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.
|
|||||
| CVE-2000-0265 | 1 Panda | 1 Panda Security | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet.
|
|||||
| CVE-2005-1208 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows 98 and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
|
|||||
| CVE-2004-2130 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables.
|
|||||