Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-1395 | 1 Cholod | 1 Mysql Based Message Board | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message Board allows remote attackers to execute arbitrary SQL commands via unspecified vectors in a showmessage action, possibly the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2006-0518 | 1 Spip | 1 Spip | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. |
| CVE-2005-1609 | 1 Sun | 1 Storedge 6130 Arrays | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data. |
| CVE-2006-0070 | 1 Drupal | 1 Drupal | 2025-04-03 | 4.3 MEDIUM | N/A | Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE |
| CVE-2000-0361 | 1 Suse | 1 Suse Linux | 2025-04-03 | 2.1 LOW | N/A | The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information. |
| CVE-1999-0835 | 3 Ibm, Sco, Sun | 4 Aix, Openserver, Unixware and 1 more | 2025-04-03 | 10.0 HIGH | N/A | Denial of service in BIND named via malformed SIG records. |
| CVE-1999-0806 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Solaris dtprintinfo program. |
| CVE-2005-3075 | 1 Mpc-donkey | 1 Zengaia | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Zengaia before 0.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2005-1622 | 1 Metalinks | 1 Metacart E-shop | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in productsByCategory.asp in MetaCart e-Shop allows remote attackers to inject arbitrary web script or HTML via the strCatalog_NAME parameter. |
| CVE-2001-1487 | 1 Qualcomm | 1 Qpopper | 2025-04-03 | 4.6 MEDIUM | N/A | popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option. |
| CVE-2006-4083 | 1 Mywebland | 1 Myevent | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2006-3241 | 1 Xennobb | 1 Xennobb | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter. |
| CVE-2001-1440 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system. |
| CVE-2006-2205 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A | The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device. |
| CVE-2000-0069 | 1 Sun | 1 Solstice Backup | 2025-04-03 | 2.1 LOW | N/A | The recover program in Solstice Backup allows local users to restore sensitive files. |
| CVE-2005-4416 | 1 Tml | 1 Tml | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2005-3837 | 1 Scssboard | 1 Scssboard | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the search module in sCssBoard 1.2 and 1.12, and earlier versions, allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. |
| CVE-2002-1861 | 1 Sybase | 1 Easerver | 2025-04-03 | 5.0 MEDIUM | N/A | Sybase Enterprise Application Server 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). |
| CVE-2001-0034 | 1 Kth | 1 Kth Kerberos | 2025-04-03 | 7.2 HIGH | N/A | KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges. |
| CVE-2006-3131 | 1 Clubpage | 1 Clubpage | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) sites.php; and the (5) news_id parameter in (c) news_more.php. |
| CVE-2003-0465 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A | The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks. |
| CVE-2006-2646 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote). |
| CVE-2002-0647 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control". |
| CVE-2004-0790 | 2 Microsoft, Sun | 8 Windows 2000, Windows 2003 Server, Windows 98 and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based i ... |
| CVE-2000-1026 | 1 Lbl | 1 Tcpdump | 2025-04-03 | 10.0 HIGH | N/A | Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands. |
| CVE-1999-0520 | | | 2025-04-03 | 6.4 MEDIUM | N/A | A system-critical NETBIOS/SMB share has inappropriate access control. |
| CVE-2005-0493 | 1 Seth M. Knorr | 1 Biz Mail Form | 2025-04-03 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter. |
| CVE-2001-0012 | 1 Isc | 1 Bind | 2025-04-03 | 5.0 MEDIUM | N/A | BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables. |
| CVE-2006-2757 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) start parameter in (a) index.php; (2) forumID parameter in index.php, (b) newtopic.php, and (c) reply.php; and (3) ID parameter to (d) edit.php. |
| CVE-2002-1811 | 1 Belkin | 1 F5d6130 Wnap | 2025-04-03 | 5.0 MEDIUM | N/A | Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 allows remote attackers to cause a denial of service (connection loss) by sending several SNMP GetNextRequest requests. |
| CVE-2002-0447 | 1 Xerver | 1 Xerver | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Xerver Free Web Server 2.10 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in an HTTP GET request. |
| CVE-1999-0261 | | | 2025-04-03 | 5.0 MEDIUM | N/A | Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. |
| CVE-2000-0116 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 7.5 HIGH | N/A | Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag. |
| CVE-2000-0245 | 1 Sgi | 1 Irix | 2025-04-03 | 10.0 HIGH | N/A | Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. |
| CVE-2006-1908 | 1 Mywebland | 1 Myevent | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2002-0982 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 7.5 HIGH | N/A | Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure. |
| CVE-2005-0239 | 1 Squirrelmail | 1 S Mime Plugin | 2025-04-03 | 7.5 HIGH | N/A | viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter. |
| CVE-2001-0916 | 1 Berkeley | 1 Pmake | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via a long check argument of a shell definition. |
| CVE-2001-0945 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. |
| CVE-2000-1042 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function. |