Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-2414 | 1 Xpcom | 1 Xpcom | 2025-04-03 | 2.6 LOW | N/A | Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted. |
| CVE-2004-0506 | 2 Ethereal Group, Sgi | 2 Ethereal, Propack | 2025-04-03 | 5.0 MEDIUM | N/A | The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference. |
| CVE-2005-2499 | 1 Slocate | 1 Slocate | 2025-04-03 | 2.1 LOW | N/A | slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure. |
| CVE-2003-0928 | 1 Clearswift | 1 Mailsweeper | 2025-04-03 | 7.5 HIGH | N/A | Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy. |
| CVE-2006-2398 | 1 Gphotos | 1 Gphotos | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rep parameter. |
| CVE-2004-1463 | 1 Moinmoin | 1 Moinmoin | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact. |
| CVE-2002-0535 | 2 Postboard, Postnuke Software Foundation | 2 Postboard, Postnuke | 2025-04-03 | 5.0 MEDIUM | N/A | Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allow remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title. |
| CVE-2005-1396 | 1 Swlink | 1 Ce Ceterm | 2025-04-03 | 1.2 LOW | N/A | Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file. |
| CVE-2005-0432 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A | BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks. |
| CVE-2006-2634 | 1 Neocrome | 1 Seditio | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field. |
| CVE-2005-4409 | 1 Mmbase | 1 Mmbase | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. |
| CVE-2006-4739 | 1 Jetbox | 1 Jetbox Cms | 2025-04-03 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php. |
| CVE-2005-4676 | 1 Andreas Huggel | 1 Exiv2 | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata. |
| CVE-2002-1104 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS). |
| CVE-2001-0699 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument. |
| CVE-2006-4769 | 1 Gtasoft | 1 P4cms | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter. |
| CVE-2003-0837 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command. |
| CVE-2002-1028 | 1 Oddsock | 1 Song Requester | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments. |
| CVE-2006-1207 | 1 Sergey Korostel | 1 Php Upload Center | 2025-04-03 | 5.0 MEDIUM | N/A | PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file. |
| CVE-2005-1592 | 1 Birdblog | 1 Birdblog | 2025-04-03 | 7.5 HIGH | N/A | Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript. |
| CVE-2002-0121 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A | PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. |
| CVE-2005-0119 | 1 Helvis | 1 Helvis | 2025-04-03 | 2.1 LOW | N/A | helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program. |
| CVE-1999-0458 | 1 L0pht | 1 L0phtcrack | 2025-04-03 | 2.1 LOW | N/A | L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information. |
| CVE-2005-1011 | 1 Iatek | 1 Siteenable | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in content.asp in SiteEnable allows remote attackers to execute arbitrary SQL commands via the sortby parameter. |
| CVE-2000-0973 | 1 Daniel Stenberg | 1 Curl | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated. |
| CVE-2002-0611 | 1 Craig Patchett | 1 Fileseek | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in FileSeek.cgi allows remote attackers to read arbitrary files via a ....// (modified dot dot) in the (1) head or (2) foot parameters, which are not properly filtered. |
| CVE-2004-2602 | 1 Ubertec | 1 Help Center Live | 2025-04-03 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php. |
| CVE-2005-1199 | 1 Infopop | 1 Ultimate Bulletin Board | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter. |
| CVE-1999-0328 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A | SGI permissions program allows local users to gain root privileges. |
| CVE-2003-0098 | 2 Apcupsd, Debian | 2 Apcupsd, Debian Linux | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server. |
| CVE-2003-0999 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files. |
| CVE-2004-1231 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. (dot dot) sequences in a DCC connection with a CTCP packet that contains a 1 as the type and a 4 as the subtype. |
| CVE-2001-0129 | 1 Tinyproxy | 1 Tinyproxy | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request. |
| CVE-2006-3405 | 1 Qto | 1 Qtofilemanager | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters. |
| CVE-1999-0757 | 1 Allaire | 1 Coldfusion Server | 2025-04-03 | 2.1 LOW | N/A | The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates. |
| CVE-2006-1197 | 1 Macrovision | 1 Safedisc | 2025-04-03 | 7.2 HIGH | N/A | SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program. |
| CVE-2005-1945 | 1 Invision Power Services | 1 Invision Community Blog | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data. |
| CVE-2004-1922 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A | Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file that has a large memory size. |
| CVE-2001-0620 | 1 Iplanet | 1 Calendar Server | 2025-04-03 | 2.1 LOW | N/A | iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions. |
| CVE-2006-3785 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | 2.1 LOW | N/A | Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin. |