Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0391 | 1 Microsoft | 3 Terminal Server, Windows 2000, Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
|
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
|
|||||
| CVE-1999-0466 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 7.2 HIGH | N/A |
|
The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.
|
|||||
| CVE-2006-0110 | 1 Javier Suarez Sanz | 1 Foro Domus | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter.
|
|||||
| CVE-2005-1875 | 1 Exhibit Engine | 1 Exhibit Engine | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter.
|
|||||
| CVE-2004-1904 | 1 Panda | 1 Activescan | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string.
|
|||||
| CVE-2005-0722 | 1 Experience2 | 1 Experience2 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message.
|
|||||
| CVE-2002-1642 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 7.2 HIGH | N/A |
|
PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command.
|
|||||
| CVE-2003-1190 | 1 Phprecipebook | 1 Phprecipebook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe.
|
|||||
| CVE-1999-0249 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
|
Windows NT RSHSVC program allows remote users to execute arbitrary commands.
|
|||||
| CVE-2006-2793 | 1 Aspsitem | 1 Aspsitem | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
|
|||||
| CVE-2002-2216 | 1 Soft3304 | 1 04webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Soft3304 04WebServer before 1.20 does not properly process URL strings, which allows remote attackers to obtain unspecified sensitive information.
|
|||||
| CVE-1999-1204 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 7.5 HIGH | N/A |
|
Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.
|
|||||
| CVE-2005-2134 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A |
|
The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error.
|
|||||
| CVE-2005-1341 | 1 Apple | 3 Mac Os X, Mac Os X Server, Terminal | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences.
|
|||||
| CVE-1999-0673 | 1 Crear | 1 Almail32 | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in ALMail32 POP3 client via From: or To: headers.
|
|||||
| CVE-2002-1808 | 1 Zack Coburn | 1 Meunity Community System | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Meunity Community System 1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when creating a topic.
|
|||||
| CVE-2004-0369 | 2 Entrust, Symantec | 5 Entrust Libkmp Isakmp Library, Enterprise Firewall, Gateway Security 5300 and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload.
|
|||||
| CVE-2006-2378 | 1 Microsoft | 4 Ie, Internet Explorer, Windows 2003 Server and 1 more | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
|
|||||
| CVE-2002-0487 | 1 Workforceroi | 1 Xpede | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
|
|||||
| CVE-2004-2672 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors.
|
|||||
| CVE-2005-0148 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.
|
|||||
| CVE-2006-1356 | 1 Andrew Hsu | 2 Libvc, Rolo | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long line.
|
|||||
| CVE-2005-0658 | 1 Cmw Linklist | 1 Cmw Linklist | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter.
|
|||||
| CVE-2005-4594 | 1 Tugzip | 1 Tugzip | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.
|
|||||
| CVE-2005-2847 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2025-04-03 | 7.5 HIGH | N/A |
|
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
|
|||||
| CVE-2002-0429 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 3.6 LOW | N/A |
|
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).
|
|||||
| CVE-2000-0204 | 1 Trend Micro | 1 Officescan | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.
|
|||||
| CVE-2002-1112 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
|
|||||
| CVE-2005-1466 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (large memory allocation) via unknown vectors.
|
|||||
| CVE-2005-4723 | 2 D-link, Dlink | 4 Di-524, Di-784, Di-524 and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
|
|||||
| CVE-2006-4289 | 1 Sony | 1 Vaio Media Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2006-2838 | 1 F-secure | 2 F-secure Anti-virus, Internet Gatekeeper | 2025-04-03 | 7.6 HIGH | N/A |
|
Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host.
|
|||||
| CVE-2006-4126 | 1 Dconnect | 1 Dconnect Daemon | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference.
|
|||||
| CVE-2002-1541 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 7.5 HIGH | N/A |
|
BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash).
|
|||||
| CVE-2003-0307 | 1 Poster | 1 Poster | 2025-04-03 | 7.5 HIGH | N/A |
|
Poster version.two allows remote authenticated users to gain administrative privileges by appending the "|" field separator and an "admin" value into the email address field.
|
|||||
| CVE-2005-1145 | 1 Calendarscript | 1 Calendarscript | 2025-04-03 | 4.3 MEDIUM | N/A |
|
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146.
|
|||||
| CVE-2003-0747 | 1 Sap | 1 Internet Transaction Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message.
|
|||||
| CVE-1999-0508 | | | 2025-04-03 | 4.6 MEDIUM | N/A |
|
An account on a router, firewall, or other network device has a default, null, blank, or missing password.
|
|||||
| CVE-2002-0986 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
|
|||||
| CVE-2004-0050 | 1 Verity | 1 Ultraseek | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.
|
|||||