Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0848 | 1 E-zone Media | 1 Fuse Talk | 2025-04-03 | 4.6 MEDIUM | N/A |
| join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable. | | | | | |
| CVE-1999-0968 | 1 James Seter | 1 Bnc Irc | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges. | | | | | |
| CVE-2006-1664 | 1 Xine | 1 Xine-lib | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. | | | | | |
| CVE-2002-1198 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack. | | | | | |
| CVE-2004-1410 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229. | | | | | |
| CVE-2002-0423 | 1 Efingerd | 1 Efingerd | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup. | | | | | |
| CVE-2004-1295 | 1 Uml-utilities | 1 Uml-utilities | 2025-04-03 | 2.1 LOW | N/A |
| The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled). | | | | | |
| CVE-2006-2630 | 1 Symantec | 2 Client Security, Norton Antivirus | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. | | | | | |
| CVE-1999-0193 | 1 Ascend | 1 Cascadeview Ux | 2025-04-03 | 5.0 MEDIUM | N/A |
| Denial of service in Ascend and 3com routers, which can be rebooted by sending a zero length TCP option. | | | | | |
| CVE-2005-0628 | 1 Demof | 1 Forumwa | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message. | | | | | |
| CVE-2001-1148 | 1 Sco | 1 Openserver | 2025-04-03 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh. | | | | | |
| CVE-2006-4427 | 1 Efiction | 1 Efiction | 2025-04-03 | 5.1 MEDIUM | N/A |
| index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1". | | | | | |
| CVE-1999-0319 | | | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in xmcd 2.1 allows local users to gain access through a user resource setting. | | | | | |
| CVE-2005-1129 | 1 Egroupware | 1 Egroupware | 2025-04-03 | 2.1 LOW | N/A |
| eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient. | | | | | |
| CVE-2003-1234 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 3.6 LOW | N/A |
| Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop. | | | | | |
| CVE-2002-2308 | 1 Netscape | 1 Communicator | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself. | | | | | |
| CVE-2005-1058 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
| Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations. | | | | | |
| CVE-2002-1972 | 1 Sebastian Dehne | 1 Pp Powerswitch | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch) 0.1 does not properly enforce access controls, which allows local users to access arbitrary ports. | | | | | |
| CVE-2000-1050 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
| Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash"). | | | | | |
| CVE-2005-1120 | 1 Ilohamail | 1 Ilohamail | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type. | | | | | |
| CVE-2001-0075 | 1 Technote Inc | 1 Technote | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter. | | | | | |
| CVE-2005-0476 | 1 Hpm Guestbook.cgi | 1 Hpm Guestbook.cgi | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows remote attackers to inject arbitrary web script or HTML by posting a message. | | | | | |
| CVE-2003-0880 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences. | | | | | |
| CVE-2001-0705 | 1 Arcadia | 1 Arcadia Internet Store | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument. | | | | | |
| CVE-2006-3536 | 1 Ej3 | 1 Topo | 2025-04-03 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in code/class_db_text.php in EJ3 TOPo 2.2.178 and earlier allows remote attackers to execute arbitrary PHP code via parameters such as (1) descripcion and (2) pais, which are stored directly in a PHP script. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports. | | | | | |
| CVE-2003-1505 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved. | | | | | |
| CVE-2000-1055 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. | | | | | |
| CVE-2005-3008 | 1 Amar Sagoo | 1 Tofu | 2025-04-03 | 7.5 HIGH | N/A |
| Tofu 0.2 allows remote attackers to execute arbitrary Python code via crafted pickled objects, which Tofu unpickles and executes. | | | | | |
| CVE-2005-2216 | 1 Photogal | 1 Photogal Photo Gallery | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter. | | | | | |
| CVE-2005-3417 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables. | | | | | |
| CVE-2004-0058 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file. | | | | | |
| CVE-2005-1566 | 1 Arcowave Systems | 1 Wlan Ap + Adsl Router | 2025-04-03 | 7.5 HIGH | N/A |
| Acrowave AAP-3100AR wireless router allows remote attackers to bypass authentication by pressing CTRL-C at the username or password prompt in a telnet session, which causes the shell to crash and restart, then leave the user in the new shell. | | | | | |
| CVE-2006-3683 | 1 Flipper Poll | 1 Flipper Poll | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | | | | | |
| CVE-2001-1445 | 1 Lotus | 1 Domino Mail Server | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in "RCPT TO" commands. | | | | | |
| CVE-2003-1038 | 1 Sap | 1 Internet Transaction Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames. | | | | | |
| CVE-2006-4964 | 1 Maxdev | 1 Md-pro | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker. | | | | | |
| CVE-2001-1305 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.0 MEDIUM | N/A |
| ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer. | | | | | |
| CVE-2004-1510 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 7.5 HIGH | N/A |
| WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php. | | | | | |
| CVE-2002-1220 | 3 Freebsd, Isc, Openbsd | 3 Freebsd, Bind, Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size. | | | | | |
| CVE-2003-1090 | 1 Celestial Software | 1 Absolutetelnet | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title. | | | | | |