Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-2034 | 1 Wildtangent | 1 Webdriver | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename. |
| CVE-2003-0488 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module. |
| CVE-2005-3540 | 1 Petris | 1 Petris | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors. |
| CVE-2004-0120 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A | The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. |
| CVE-1999-0447 | 1 Hp | 1 Mpe Ix | 2025-04-03 | 4.6 MEDIUM | N/A | Local users can gain privileges using the debug utility in the MPE/iX operating system. |
| CVE-2001-0619 | 1 Lucent | 1 Orinoco | 2025-04-03 | 7.5 HIGH | N/A | The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The 'Network Name' or SSID, which is used as a shared secret to join the network, is transmitted in the clear. |
| CVE-1999-0665 | | | 2025-04-03 | 10.0 HIGH | N/A | An application-critical Windows NT registry key has an inappropriate value. |
| CVE-2006-2062 | 1 Leadhound Network | 2 Leadhound Full, Leadhound Lite | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to execute arbitrary SQL commands via the (1) banner parameter in agent_links.pl; the offset parameter in (2) agent_links.pl, (3) agent_transactions.pl, (4) agent_subaffiliates.pl, and (5) agent_summary.pl; the camp_id parameter in (6) agent_transactions_csv.pl, (7) agent_subaffiliates.pl, and (8) agent_camp_det.pl; the (9) login parameter in agent_commis ... |
| CVE-2003-0436 | 1 Mnogosearch | 1 Mnogosearch | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter. |
| CVE-2000-0094 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 7.2 HIGH | N/A | procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr. |
| CVE-2002-2140 | 1 Cisco | 1 Pix Firewall Software | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS. |
| CVE-2005-0332 | 1 Ventia | 1 Desknow Mail And Collaboration Server | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or (2) delete arbitrary files via the select_file parameter to file.do. |
| CVE-2004-1458 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2025-04-03 | 5.0 MEDIUM | N/A | The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002. |
| CVE-2005-1246 | 1 Vladislav Bogdanov | 1 Snmppd | 2025-04-03 | 10.0 HIGH | N/A | Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call. |
| CVE-2006-4823 | 1 Reamday Enterprises | 1 Magic News Pro | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter. |
| CVE-2006-0960 | 1 Compex | 1 Netpassage Wpe54g | 2025-04-03 | 5.0 MEDIUM | N/A | uConfig agent in Compex NetPassage WPE54G router allows remote attackers to cause a denial of service (unresponsiveness) via crafted datagrams to UDP port 7778. |
| CVE-2006-2558 | 1 Iplogger | 1 Iplogger | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed. |
| CVE-2001-1014 | 1 Michael Boehme | 1 Webdiscount E Shop Online Shop System | 2025-04-03 | 7.5 HIGH | N/A | eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter. |
| CVE-2006-1051 | 1 Akarru | 1 Social Bookmarking Engine | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors, possibly involving the username parameter to akarru.lib/users.php. |
| CVE-2002-0218 | 1 Sas | 2 Sas Base, Sas Integration Technologies | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument. |
| CVE-1999-1151 | 1 Compaq Microcom | 1 Microcom 6000 Access Integrator | 2025-04-03 | 5.0 MEDIUM | N/A | Compaq/Microcom 6000 Access Integrator does not cause a session timeout after prompting for a username or password, which allows remote attackers to cause a denial of service by connecting to the integrator without providing a username or password. |
| CVE-2006-1094 | 2 Datenbank Module, Woltlab | 2 Datenbank Module, Burning Board | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php. |
| CVE-2003-1117 | 1 Realnetworks | 2 Realsystem Proxy, Realsystem Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| CVE-2002-0002 | 4 Engardelinux, Mandrakesoft, Redhat and 1 more | 4 Secure Linux, Mandrake Linux, Linux and 1 more | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code. |
| CVE-2004-0801 | 4 Conectiva, Linuxprinting.org, Sun and 1 more | 4 Linux, Foomatic-filters, Java Desktop System and 1 more | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. |
| CVE-2000-0139 | 1 True North | 1 Internet Anywhere Mail Server | 2025-04-03 | 2.1 LOW | N/A | Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command. |
| CVE-2003-1237 | 1 Matt Wright | 1 Wwwboard | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post. |
| CVE-2003-0220 | 1 Kerio | 1 Personal Firewall 2 | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. |
| CVE-2006-0409 | 1 Pixelpost | 1 Photoblog | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup. |
| CVE-2006-3301 | 1 Phpqladmin | 1 Phpqladmin | 2025-04-03 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php. |
| CVE-2002-1415 | 1 Webeasymail | 1 Webeasymail | 2025-04-03 | 5.0 MEDIUM | N/A | Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests. |
| CVE-2005-0401 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 5.1 MEDIUM | N/A | FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." |
| CVE-2004-0293 | 1 Shopcartcgi | 1 Shopcartcgi | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi. |
| CVE-2000-1073 | 1 Netscape | 1 Iplanet Ical | 2025-04-03 | 7.2 HIGH | N/A | csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory. |
| CVE-2005-2657 | 1 Common-lisp-controller | 1 Common-lisp-controller | 2025-04-03 | 4.6 MEDIUM | N/A | Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before. |
| CVE-2004-2237 | 1 Moodle | 1 Moodle | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts." |
| CVE-2005-3635 | 1 Sap | 1 Sap Web Application Server | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. |
| CVE-2005-2634 | 1 Winftp Server | 1 Winftp Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the Log-SCR function in the "Log to Screen" feature in WinFtp Server 1.6.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long request. |
| CVE-2005-1904 | 1 Jiro | 1 Jiro Upload System | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) 1 allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| CVE-1999-1177 | 1 Lincoln D. Stein | 1 Nph-publish | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation. |