Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1845 | 1 Yabb | 1 Yabb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter.
|
|||||
| CVE-1999-0678 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
|
|||||
| CVE-1999-1474 | 1 Microsoft | 1 Powerpoint | 2025-04-03 | 7.5 HIGH | N/A |
|
PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer.
|
|||||
| CVE-2005-4302 | 1 Indexcor | 1 Ezdatabase | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter.
|
|||||
| CVE-2005-0575 | 1 Stormy Studios | 1 Knet | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.
|
|||||
| CVE-2006-2774 | 1 Qontentone | 1 Qontentone Cms | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in QontentOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_phrase parameter.
|
|||||
| CVE-2004-1218 | 1 Ibex Software | 1 Remote Execute | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Remote Execute 2.30 allows remote attackers to cause a denial of service (application crash) by making 7 simultaneous connections.
|
|||||
| CVE-1999-0479 | 2 Hp, Netscape | 2 Hp-ux, Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.
|
|||||
| CVE-2002-0810 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
|
|||||
| CVE-2001-0383 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.
|
|||||
| CVE-2006-1958 | 1 Wired Community Software | 1 Wwwthreads | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote attackers to execute arbitrary SQL commands via (1) the forumreferrer cookie to register.php and (2) the messages parameter in message_list.php.
|
|||||
| CVE-2002-2171 | 1 Andrey Cherezov | 1 Acweb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL.
|
|||||
| CVE-1999-1457 | 1 Thttpd | 1 Thttpd Http Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in thttpd HTTP server before 2.04-31 allows remote attackers to execute arbitrary commands via a long date string, which is not properly handled by the tdate_parse function.
|
|||||
| CVE-2002-2105 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
|
Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file.
|
|||||
| CVE-2005-2871 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
|
|||||
| CVE-2003-1269 | 1 An | 1 An-http | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message.
|
|||||
| CVE-2006-1843 | 1 Cynical Games | 1 Shoutbook | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) LOCATION and (2) URL parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2001-0862 | 1 Cisco | 1 12000 Router | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
|
|||||
| CVE-2004-0253 | 1 Ibm | 1 Cloudscape | 2025-04-03 | 10.0 HIGH | N/A |
|
IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability.
|
|||||
| CVE-2000-0771 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 2.1 LOW | N/A |
|
Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
|
|||||
| CVE-2006-1408 | 1 Vavoom | 1 Vavoom | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via (1) a packet with no data or (2) a large packet, which prevents Vavoom from discarding the packet from the socket.
|
|||||
| CVE-2001-1415 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
|
|||||
| CVE-2005-2794 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
|
store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.
|
|||||
| CVE-2004-1575 | 1 Apache | 1 Xerces-c\+\+ | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.
|
|||||
| CVE-1999-0068 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
|
CGI PHP mylog script allows an attacker to read any file on the target server.
|
|||||
| CVE-2002-0110 | 1 Nevrona Designs | 1 Miramail | 2025-04-03 | 2.1 LOW | N/A |
|
Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames and passwords in plaintext in a .ini file, which allows an attacker to gain privileges by reading the passwords from the file.
|
|||||
| CVE-2002-2189 | 2 Activxperts Software, Microsoft | 2 Activwebserver, Windows 2003 Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link.
|
|||||
| CVE-2001-0625 | 1 Broadcom | 1 Inoculateit | 2025-04-03 | 7.2 HIGH | N/A |
|
ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log .
|
|||||
| CVE-2003-0196 | 5 Compaq, Hp, Samba and 2 more | 7 Tru64, Cifs-9000 Server, Hp-ux and 4 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
|
|||||
| CVE-2006-0569 | 1 Papoo | 1 Papoo | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username field during the registration of a new account. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-4143 | 1 Netgear | 1 Fvg318 | 2025-04-03 | 7.8 HIGH | N/A |
|
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.
|
|||||
| CVE-2005-0640 | 1 Broadcom | 1 Unicenter Asset Management | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods.
|
|||||
| CVE-2003-1167 | 1 Gernot Stocker | 1 Kpopup | 2025-04-03 | 7.2 HIGH | N/A |
|
misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.
|
|||||
| CVE-2005-2313 | 1 Checkpoint | 1 Secureclient Ng | 2025-04-03 | 7.2 HIGH | N/A |
|
Check Point SecuRemote NG with Application Intelligence R54 allows attackers to obtain credentials and gain privileges via unknown attack vectors.
|
|||||
| CVE-2001-0314 | 1 Aol | 1 Aol Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in www.tol module in America Online (AOL) 5.0 may allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL in a link.
|
|||||
| CVE-2006-0131 | 1 Boastmachine | 1 Boastmachine | 2025-04-03 | 5.0 MEDIUM | N/A |
|
boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message.
|
|||||
| CVE-1999-1104 | 1 Microsoft | 1 Windows 95 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.
|
|||||
| CVE-2004-0893 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
|
|||||
| CVE-2000-1169 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.5 HIGH | N/A |
|
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
|
|||||
| CVE-2004-0636 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.
|
|||||