Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0866 | 4 Kde, Microsoft, Mozilla and 1 more | 5 Konqueror, Ie, Internet Explorer and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
|
|||||
| CVE-2006-1375 | 1 Brain Book Software | 1 Adman | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AdMan 1.0.20051221 and earlier allows remote attackers to obtain the full path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank schemeId parameter to viewPricingScheme.php.
|
|||||
| CVE-1999-1073 | 1 Excite | 1 Ews | 2025-04-03 | 7.2 HIGH | N/A |
|
Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack.
|
|||||
| CVE-2001-0508 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.
|
|||||
| CVE-2005-2811 | 1 Net-snmp | 1 Net-snmp | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges.
|
|||||
| CVE-2003-0429 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
|
The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.
|
|||||
| CVE-2002-1677 | 1 Mrtg | 1 Mrtgconfig | 2025-04-03 | 5.0 MEDIUM | N/A |
|
14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine the physical path to the web root directory via a request with an invalid cfg parameter, which generates an error message that reveals the path.
|
|||||
| CVE-2005-4627 | 2 Gfhost, Gmailsite | 2 Gfhost, Gmailsite | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
|
|||||
| CVE-2005-4137 | 1 Fad Solutions | 1 Drzes Hms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID parameter.
|
|||||
| CVE-2004-0155 | 1 Kame | 1 Racoon | 2025-04-03 | 7.5 HIGH | N/A |
|
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.
|
|||||
| CVE-2005-0661 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie.
|
|||||
| CVE-2004-0819 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet.
|
|||||
| CVE-2006-1925 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist.
|
|||||
| CVE-2003-1306 | 1 Microsoft | 1 Urlscan | 2025-04-03 | 2.6 LOW | N/A |
|
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
|
|||||
| CVE-2005-4800 | 1 Yapig | 1 Yapig | 2025-04-03 | 9.0 HIGH | N/A |
|
Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.
|
|||||
| CVE-2004-0268 | 1 Evolutionx | 1 Evolutionx | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote attackers to cause a denial of service (hang) via (1) a long cd command to the FTP server, or (2) a long dir command to the telnet server.
|
|||||
| CVE-2006-3862 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).
|
|||||
| CVE-2003-0929 | 1 Clearswift | 1 Mailsweeper | 2025-04-03 | 7.5 HIGH | N/A |
|
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy.
|
|||||
| CVE-2006-2851 | 1 Dotproject | 1 Dotproject | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer.
|
|||||
| CVE-2006-1657 | 1 Chucky A. Ivey | 1 N.t. | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered when the administrator views the "Login Log" page.
|
|||||
| CVE-2004-1480 | 1 Hp | 1 Storageworks Command View | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in the management station in HP StorageWorks Command View XP 1.8B and earlier allows remote attackers to bypass access restrictions.
|
|||||
| CVE-2000-0662 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).
|
|||||
| CVE-2004-2267 | 1 Ansel | 1 Ansel | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name.
|
|||||
| CVE-2002-1472 | 1 Xfree86 Project | 1 X11r6 | 2025-04-03 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
|
|||||
| CVE-2003-0740 | 1 Stunnel | 1 Stunnel | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
|
|||||
| CVE-1999-0907 | 1 Steven J. Merrifield | 1 Soundcard Cw | 2025-04-03 | 2.1 LOW | N/A |
|
sccw allows local users to read arbitrary files.
|
|||||
| CVE-2005-3756 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.
|
|||||
| CVE-2003-0375 | 1 Xmb Forum | 1 Xmb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter.
|
|||||
| CVE-1999-1096 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.
|
|||||
| CVE-2000-0983 | 1 Microsoft | 1 Netmeeting | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.
|
|||||
| CVE-2004-1381 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
|
|||||
| CVE-2005-0530 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument.
|
|||||
| CVE-2005-2848 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
|
|||||
| CVE-2001-1571 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.
|
|||||
| CVE-2004-0036 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter.
|
|||||
| CVE-2003-0438 | 1 Yuuichi Teranishi | 1 Eldav | 2025-04-03 | 1.2 LOW | N/A |
|
eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2004-2509 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.
|
|||||
| CVE-2004-2453 | 1 Tutti Nova | 1 Tutti Nova | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and attack vectors.
|
|||||
| CVE-2004-1555 | 1 Broadboard Instant | 1 Asp Message Board | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp.
|
|||||
| CVE-2005-4401 | 1 Lutece | 1 Lutece | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the query parameter.
|
|||||