Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-0753 | 1 Cvs | 1 Cvs | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code. |
| CVE-2006-1916 | 1 Dbbs | 1 Dbbs | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ulocation or (2) uhobbies parameters. |
| CVE-2001-0755 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command. |
| CVE-2001-0114 | 1 Omnicron | 1 Omnihttpd | 2025-04-03 | 5.0 MEDIUM | N/A | statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter. |
| CVE-1999-1330 | 2 Debian, Redhat | 2 Debian Linux, Linux | 2025-04-03 | 4.6 MEDIUM | N/A | The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf. |
| CVE-2006-2450 | 1 Libvncserver | 1 Libvncserver | 2025-04-03 | 7.5 HIGH | N/A | auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369. |
| CVE-2005-4456 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-03 | 7.8 HIGH | N/A | Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands. NOTE: it is possible that these are alternate vectors for the issue described in CVE-2005-4402. |
| CVE-2000-0337 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter. |
| CVE-2004-1917 | 1 Lcdproc | 1 Lcdproc | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable. |
| CVE-2005-0949 | 1 Iatek | 1 Portalapp | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter. |
| CVE-1999-1248 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A | Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges. |
| CVE-2003-1115 | 1 Nortel | 1 Succession Communication Server 2000 | 2025-04-03 | 7.5 HIGH | N/A | The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
| CVE-2005-4517 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php. |
| CVE-2005-3235 | 1 Proland | 1 Protector Plus | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple interpretation error in unspecified versions of Proland Protector Plus 2000 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. |
| CVE-2005-3104 | 1 Six Apart | 1 Movable Type | 2025-04-03 | 2.6 LOW | N/A | mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments. |
| CVE-2005-1636 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 4.6 MEDIUM | N/A | mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents. |
| CVE-2005-3490 | 1 Asus | 1 Video Security Online | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL. |
| CVE-2006-4880 | 1 David Bennett | 1 Php-post | 2025-04-03 | 5.0 MEDIUM | N/A | David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages. |
| CVE-2004-0799 | 2 Ipswitch, Progress | 2 Whatsup Gold, Whatsup Gold | 2025-04-03 | 5.0 MEDIUM | N/A | The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm". |
| CVE-2006-1486 | 1 Fusionzone | 1 Realestatezone | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters. |
| CVE-2000-0934 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A | Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. |
| CVE-2005-4662 | 1 Ocomon | 1 Ocomon | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664. |
| CVE-1999-1478 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A | The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. |
| CVE-2001-0592 | 1 Watchguard | 1 Firebox Ii | 2025-04-03 | 5.0 MEDIUM | N/A | Watchguard Firebox II prior to 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (>10,000) of malformed ICMP or TCP packets. |
| CVE-2004-2334 | 1 Emumail | 1 Emu Webmail | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page. |
| CVE-2006-2716 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2025-04-03 | 7.5 HIGH | N/A | Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server. |
| CVE-2001-0218 | 1 Martin Stover | 1 Mars Nwe | 2025-04-03 | 10.0 HIGH | N/A | Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands. |
| CVE-2006-1205 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) ... |
| CVE-1999-0241 | 3 Sgi, Sun, Xfree86 Project | 4 Irix, Solaris, Sunos and 1 more | 2025-04-03 | 10.0 HIGH | N/A | Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm. |
| CVE-2002-0755 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A | Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root. |
| CVE-2002-0133 | 1 Avirt | 3 Avirt Gateway, Avirt Gateway Suite, Avirt Soho | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy. |
| CVE-2006-0538 | 1 Ciphertrust | 1 Ironmail | 2025-04-03 | 2.6 LOW | N/A | CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is enabled, allows remote attackers to cause a denial of service (possibly CPU consumption) via a SYN flood with malformed TCP packets from multiple connections. |
| CVE-2005-2322 | 2 Class-1, Clever Copy | 2 Class-1 Forum, Clever Copy | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the (1) viewuser_id or (2) group parameter to users.php. |
| CVE-2001-0854 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A | PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user. |
| CVE-1999-0343 | 1 Palace | 1 Palace Client | 2025-04-03 | 5.1 MEDIUM | N/A | A malicious Palace server can force a client to execute arbitrary programs. |
| CVE-2000-0491 | 3 Caldera, Gnome, Suse | 3 Openlinux, Gdm, Suse Linux | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request. |
| CVE-2004-1224 | 1 Mtr | 1 Mtr | 2025-04-03 | 4.6 MEDIUM | N/A | Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator. |
| CVE-1999-1099 | 1 Kth | 1 Kth Kerberos | 2025-04-03 | 5.0 MEDIUM | N/A | Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user. |
| CVE-2006-1616 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. |
| CVE-2006-4566 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A | Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read. |