Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0743 | 1 University Of Cambridge | 1 Exim | 2025-04-03 | 7.5 HIGH | N/A |
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
| CVE-2002-0719 | 1 Microsoft | 1 Content Management Server | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
| CVE-2006-4352 | 1 Cisco | 1 Content Services Switch 11000 | 2025-04-03 | 5.0 MEDIUM | N/A |
The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information.
| CVE-2002-1622 | 1 Ibm | 1 Aix | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type."
| CVE-2002-0979 | 1 Microsoft | 1 Virtual Machine | 2025-04-03 | 7.5 HIGH | N/A |
The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code.
| CVE-2002-1481 | 1 Phpgb | 1 Phpgb | 2025-04-03 | 7.5 HIGH | N/A |
savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.
| CVE-2005-1233 | 1 Php Labs | 1 Profile | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proFile allows remote attackers to inject arbitrary web script or HTML via the (1) dir or (2) file parameters.
| CVE-2001-0055 | 1 Cisco | 2 Broadband Operating System, Cisco 6xx Routers | 2025-04-03 | 5.0 MEDIUM | N/A |
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.
| CVE-2002-2210 | 1 Openoffice | 1 Openoffice | 2025-04-03 | 6.2 MEDIUM | N/A |
The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.
| CVE-2006-4273 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6.
| CVE-2002-0832 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.
| CVE-1999-0743 | 1 Debian | 1 Debian Linux | 2025-04-03 | 2.1 LOW | N/A |
Trn allows local users to overwrite other users' files via symlinks.
| CVE-2006-1644 | 1 Interact | 1 Interact | 2025-04-03 | 5.0 MEDIUM | N/A |
login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2006-4647 | 1 Sponge News | 1 Sponge News | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter.
| CVE-2005-4037 | 1 Web4future | 1 Affiliate Manager Professional | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter.
| CVE-2005-2610 | 1 Vegadns | 1 Vegadns | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the message parameter.
| CVE-2000-0041 | 1 Apple | 1 Macos | 2025-04-03 | 5.0 MEDIUM | N/A |
Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.
| CVE-2001-0924 | 1 Ibm | 1 Informix Web Datablade | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter.
| CVE-2005-0733 | 1 Py Software | 1 Active Webcam | 2025-04-03 | 5.0 MEDIUM | N/A |
PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not.
| CVE-2006-1435 | 1 Accounting Receiving And Inventory Administration | 1 Aria | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter).
| CVE-2000-1123 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.
| CVE-2006-3624 | 1 Flv | 1 Flv Player | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 allow remote attackers to inject arbitrary web script or HTML via the url parameter to (1) player.php or (2) popup.php.
| CVE-2003-0389 | 1 Rsa | 1 Ace Agent | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script.
| CVE-2006-0457 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.1 HIGH | N/A |
Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory.
| CVE-1999-1304 | 1 Sco | 5 Open Desktop, Open Desktop Lite, Openserver Enterprise System and 2 more | 2025-04-03 | 7.2 HIGH | N/A |
Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access.
| CVE-2001-0135 | 1 Ultrascripts | 1 Ultraboard | 2025-04-03 | 2.1 LOW | N/A |
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs.
| CVE-2004-1127 | 1 Open Dc Hub | 1 Direct Connect Peer-to-peer Client | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with administrator privileges, to execute arbitrary code via a long RedirectAll command.
| CVE-2005-1046 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
| CVE-2004-1857 | 1 Hp | 1 Web Jetadmin | 2025-04-03 | 2.1 LOW | N/A |
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
| CVE-2000-0099 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.
| CVE-2002-1746 | 1 Maxim Krasnyansky | 1 Vtun | 2025-04-03 | 5.0 MEDIUM | N/A |
Vtun 2.5b1 allows remote attackers to inject data into user sessions by sniffing and replaying packets.
| CVE-2002-0181 | 1 Horde | 2 Horde, Imp | 2025-04-03 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
| CVE-2005-1038 | 2 Paul Vixie, Redhat | 2 Vixie Cron, Enterprise Linux | 2025-04-03 | 2.1 LOW | N/A |
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.
| CVE-2002-1749 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.2 HIGH | N/A |
Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges.
| CVE-2006-0682 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
| CVE-2004-1400 | 1 Active Server Corner | 1 Asp Calendar | 2025-04-03 | 7.5 HIGH | N/A |
The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.
| CVE-2004-0452 | 1 Larry Wall | 1 Perl | 2025-04-03 | 2.6 LOW | N/A |
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
| CVE-2002-1209 | 1 Solarwinds | 1 Tftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request.
| CVE-2000-0183 | 1 Michael Sandrof | 1 Ircii | 2025-04-03 | 5.1 MEDIUM | N/A |
Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability.
| CVE-1999-1571 | 1 Sco | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may allow local users to gain root privileges via a long -f parameter, a different vulnerability than CVE-1999-1570.