Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0908 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.
|
|||||
| CVE-2004-0245 | 1 Web Crossing Inc | 1 Web Crossing | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending a HTTP POST request with a large or negative Content-Length, which causes an integer divide-by-zero.
|
|||||
| CVE-2006-4221 | 1 Ibm | 1 Egatherer | 2025-04-03 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer method.
|
|||||
| CVE-2000-0076 | 2 Berkeley, Debian | 2 Nvi, Debian Linux | 2025-04-03 | 2.1 LOW | N/A |
|
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
|
|||||
| CVE-2006-0856 | 1 Scriptme | 1 Sme Gb Host | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter.
|
|||||
| CVE-2002-0685 | 1 Pgp | 3 Desktop Security, Freeware, Personal Security | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message.
|
|||||
| CVE-2006-1827 | 1 Digium | 1 Asterisk | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.
|
|||||
| CVE-2004-1707 | 1 Oracle | 5 Application Server, Application Server Portal, Database Server Lite and 2 more | 2025-04-03 | 7.2 HIGH | N/A |
|
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
|
|||||
| CVE-2004-0254 | 1 Crosscom Olicom | 1 Discuz | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag.
|
|||||
| CVE-2005-1836 | 1 Nextweb | 1 Nextweb \(i\)site | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NEXTWEB (i)Site allows remote attackers to cause a denial of service (error 500) via a crafted HTTP request, possibly involving wildcard requests for .jsp files.
|
|||||
| CVE-1999-1303 | 1 Sco | 5 Open Desktop, Open Desktop Lite, Openserver Enterprise System and 2 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access.
|
|||||
| CVE-2006-0867 | 1 South River | 1 Webdrive | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field.
|
|||||
| CVE-2003-0681 | 8 Apple, Gentoo, Hp and 5 more | 14 Mac Os X, Mac Os X Server, Linux and 11 more | 2025-04-03 | 7.5 HIGH | N/A |
|
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
|
|||||
| CVE-2005-2643 | 1 Tor | 1 Tor | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit.
|
|||||
| CVE-2005-2110 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
|
|||||
| CVE-2005-2875 | 1 Py2play | 1 Py2play | 2025-04-03 | 7.5 HIGH | N/A |
|
Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.
|
|||||
| CVE-1999-0575 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
|
A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking.
|
|||||
| CVE-2006-1109 | 1 Totalecommerce | 1 Totalecommerce | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE.
|
|||||
| CVE-2005-2284 | 1 Esi Products | 1 Webeoc | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors.
|
|||||
| CVE-2002-1194 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message.
|
|||||
| CVE-1999-1454 | 1 Macromedia | 1 Matrix Screen Saver | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key.
|
|||||
| CVE-2003-0406 | 1 Palmvnc | 1 Palmvnc | 2025-04-03 | 7.2 HIGH | N/A |
|
PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCDB, which is backed up to PCs that the Palm is synchronized with, which could allow attackers to gain privileges.
|
|||||
| CVE-2005-4264 | 1 Triangle Solutions | 1 Php Support Tickets | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in PHP Support Tickets 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields, and (3) id parameter.
|
|||||
| CVE-2003-0836 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command.
|
|||||
| CVE-2002-0607 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL.
|
|||||
| CVE-2006-4627 | 1 Microsoft | 1 System Information Activex Control | 2025-04-03 | 5.0 MEDIUM | N/A |
|
System Information ActiveX control (msinfo.dll), when accessed via Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via a SaveFile function with a long (1) computer and possibly (2) filename and (3) category argument.
|
|||||
| CVE-2004-2578 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.
|
|||||
| CVE-2003-0195 | 1 Slackware | 1 Slackware Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
|
|||||
| CVE-2002-0224 | 1 Microsoft | 3 Internet Information Services, Sql Server, Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
|
|||||
| CVE-2005-3704 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).
|
|||||
| CVE-2002-0961 | 1 Voxel | 1 Cbms | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to conduct unauthorized operations as other users, e.g. by deleting clients via dltclnt.php, possibly in a SQL injection attack.
|
|||||
| CVE-2005-0109 | 5 Freebsd, Redhat, Sco and 2 more | 8 Freebsd, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-03 | 4.7 MEDIUM | 5.6 MEDIUM |
|
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
|
|||||
| CVE-2003-1058 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 3.7 LOW | N/A |
|
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.
|
|||||
| CVE-2005-4647 | 1 Pearlinger | 1 Pearl Forums | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) forumsId and (2) topicId parameters in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2005-1564 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.
|
|||||
| CVE-2000-0045 | 1 Oracle | 1 Mysql | 2025-04-03 | 6.4 MEDIUM | N/A |
|
MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.
|
|||||
| CVE-2003-0651 | 1 Mod Mylo | 1 Mod Mylo | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
|
|||||
| CVE-2000-0128 | 1 Daniel Beckham | 1 The Finger Server | 2025-04-03 | 10.0 HIGH | N/A |
|
The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.
|
|||||
| CVE-1999-1382 | 1 Novell | 1 Netware | 2025-04-03 | 7.2 HIGH | N/A |
|
NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.
|
|||||
| CVE-2006-2585 | 1 Greg Donald | 1 Destiney Links Script | 2025-04-03 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in Destiney Links Script 2.1.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||