Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2026 | 1 Apsis | 1 Pound | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.
|
|||||
| CVE-2005-2511 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.
|
|||||
| CVE-2002-0826 | 1 Progress | 1 Ws Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.
|
|||||
| CVE-1999-0953 | 1 Matt Wright | 1 Wwwboard | 2025-04-03 | 10.0 HIGH | N/A |
|
WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.
|
|||||
| CVE-2004-0521 | 2 Sgi, Squirrelmail | 2 Propack, Squirrelmail | 2025-04-03 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
|
|||||
| CVE-2004-0639 | 3 Open Webmail, Sgi, Squirrelmail | 3 Open Webmail, Propack, Squirrelmail | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
|
|||||
| CVE-2004-0181 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.
|
|||||
| CVE-1999-0400 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Denial of service in Linux 2.2.0 running the ldd command on a core file.
|
|||||
| CVE-2006-3659 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.
|
|||||
| CVE-2002-1842 | 1 Perlbot | 1 Perlbot | 2025-04-03 | 7.5 HIGH | N/A |
|
Perlbot 1.0 beta allows remote attackers to execute arbitrary commands via shell metacharacters in (1) a word that is being spell checked or (2) an e-mail address.
|
|||||
| CVE-1999-0221 | 1 Lucent | 1 Ascend Routers | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service of Ascend routers through port 150 (remote administration).
|
|||||
| CVE-2005-0750 | 5 Conectiva, Linux, Redhat and 2 more | 8 Linux, Linux Kernel, Enterprise Linux and 5 more | 2025-04-03 | 7.2 HIGH | N/A |
|
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
|
|||||
| CVE-2006-1476 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.6 LOW | N/A |
|
Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious ".exe" program in a folder named "Internet Explorer," which triggers a question about whether to unblock the "Internet Explorer" program.
|
|||||
| CVE-1999-0756 | 1 Allaire | 1 Coldfusion Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.
|
|||||
| CVE-2005-3018 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL.
|
|||||
| CVE-2003-0711 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Me and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
|
|||||
| CVE-2006-0980 | 1 Jay Eckles | 1 Cgi Calendar | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi.
|
|||||
| CVE-2006-1911 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment.
|
|||||
| CVE-2006-0851 | 1 Ilch.de | 1 Ilchclan | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost.
|
|||||
| CVE-2006-1579 | 1 Dbbs | 1 Dbbs | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in topics.php in Dynamic Bulletin Board System (DbbS) 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the limite parameter.
|
|||||
| CVE-2000-0896 | 1 Watchguard | 1 Soho Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.
|
|||||
| CVE-2000-0300 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | 10.0 HIGH | N/A |
|
The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain accounts.
|
|||||
| CVE-2005-0100 | 1 Gnu | 2 Emacs, Xemacs | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
|
|||||
| CVE-2004-2444 | 1 Jaws | 1 Jaws | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
|
|||||
| CVE-2006-2662 | 1 Vmware | 1 Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.
|
|||||
| CVE-2003-0758 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument.
|
|||||
| CVE-2006-2534 | 1 Greg Donald | 1 Destiney Links Script | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories.
|
|||||
| CVE-2006-0407 | 1 Azbb | 1 Az Bulletin Board | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter, but a correction was later provided. NOTE: followup posts have both disputed and confirmed the original claim.
|
|||||
| CVE-2006-1763 | 1 Blursoft | 1 Blur6ex | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php), or a (3) g_viewContent action to the content shard (engine/shards/content.php).
|
|||||
| CVE-2005-3197 | 1 Webroot Software | 1 Desktop Firewall | 2025-04-03 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list.
|
|||||
| CVE-2006-0741 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 1.2 LOW | N/A |
|
Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."
|
|||||
| CVE-2001-1401 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
|
|||||
| CVE-2002-2149 | 1 Lucent | 3 Access Point Service Router 1500, Access Point Service Router 300, Access Point Service Router 600 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Lucent Access Point 300, 600, and 1500 Service Routers allows remote attackers to cause a denial of service (reboot) via a long HTTP request to the administrative interface.
|
|||||
| CVE-2003-1075 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.
|
|||||
| CVE-2002-0528 | 1 Watchguard | 1 Soho Firewall | 2025-04-03 | 10.0 HIGH | N/A |
|
Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules.
|
|||||
| CVE-2004-0794 | 1 Luke Mewburn | 2 Lukemftp, Tnftpd | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code.
|
|||||
| CVE-2001-1527 | 1 Easyscripts | 1 Easynews | 2025-04-03 | 2.1 LOW | N/A |
|
easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access.
|
|||||
| CVE-2005-2524 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
|
|||||
| CVE-2004-0620 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel.
|
|||||
| CVE-2006-0341 | 1 Rockliffe | 1 Mailsite | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.
|
|||||