Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-1492 | 1 Nikolay Avrionov | 1 Explorer Xp | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in dir.php in Explorer XP allows remote attackers to read arbitrary files via the chemin parameter. |
| CVE-2005-2748 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A | The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application. |
| CVE-2001-0486 | 1 Novell | 1 Bordermanager | 2025-04-03 | 5.0 MEDIUM | N/A | Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353. |
| CVE-2004-0205 | 2 Avaya, Microsoft | 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. |
| CVE-1999-0572 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 9.3 HIGH | N/A | .reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. |
| CVE-2006-4495 | 1 Microsoft | 2 Ie, Windows 2003 Server | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll. |
| CVE-2006-4605 | 1 Longino | 1 Jacome Php-revista | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter. |
| CVE-2006-3490 | 1 F-secure | 3 F-secure Anti-virus, F-secure Internet Security, F-secure Service Platform For Service Providers | 2025-04-03 | 5.0 MEDIUM | N/A | F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier does not scan files contained on removable media when "Scan network drives" is disabled, which allows remote attackers to bypass anti-virus controls. |
| CVE-2002-1929 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions. |
| CVE-2005-1550 | 1 Colored Scripts | 1 Easy Message Board | 2025-04-03 | 7.5 HIGH | N/A | easymsgb.pl in Easy Message Board allows remote attackers to execute arbitrary commands via shell metacharacters in the print parameter. |
| CVE-2004-2470 | 1 Madbms | 1 Madbms | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to logins. |
| CVE-2004-0401 | 1 Free Software Foundation Inc. | 1 Libtasn1 | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, related to the DER parsing functions. |
| CVE-2005-4468 | 1 Phpgedview | 1 Phpgedview | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to execute arbitrary code via a URL in the PGV_BASE_DIRECTORY parameter. |
| CVE-2004-1709 | 1 Datakey | 1 Rainbow Ikey2032 Usb Token | 2025-04-03 | 2.1 LOW | N/A | Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users. |
| CVE-2006-4904 | 1 Qualiteam | 1 X-cart | 2025-04-03 | 7.5 HIGH | N/A | Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter. |
| CVE-2001-0835 | 1 Bradford Barrett | 1 Webalizer | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup. |
| CVE-2006-3726 | 1 Intervations | 1 Filecopa | 2025-04-03 | 6.5 MEDIUM | N/A | Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command. |
| CVE-2005-3489 | 1 Asus | 1 Video Security Online | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string. |
| CVE-2006-1903 | 1 Userland | 1 Manila | 2025-04-03 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web pages edited with the editInBrowser module. NOTE: the msgReader$1 mode attack vector is already covered by CVE-2006-1769. |
| CVE-2000-0540 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A | JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information. |
| CVE-2006-1474 | 1 Raindance | 1 Web Conferencing Pro | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the "failed" functionality in Raindance Web Conferencing Pro allows remote attackers to inject arbitrary web script or HTML via the browser parameter. |
| CVE-2000-0425 | 1 Lsoft | 1 Listserv | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands. |
| CVE-2002-0865 | 1 Microsoft | 1 Virtual Machine | 2025-04-03 | 7.5 HIGH | N/A | A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes." |
| CVE-2006-1280 | 1 Sherzod Ruzmetov | 1 Cgi Session | 2025-04-03 | 7.5 HIGH | N/A | CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files. |
| CVE-2003-0557 | 1 Lagarde | 1 Storefront | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field. |
| CVE-2004-0520 | 3 Open Webmail, Sgi, Squirrelmail | 3 Open Webmail, Propack, Squirrelmail | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. |
| CVE-2005-0309 | 1 Exponent | 1 Exponent | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter. |
| CVE-2002-0048 | 1 Andrew Tridgell | 1 Rsync | 2025-04-03 | 10.0 HIGH | N/A | Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server. |
| CVE-2002-1612 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges. |
| CVE-2002-1702 | 1 Deltascripts | 1 Php Classifieds | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter. |
| CVE-2003-0424 | 1 Apple | 1 Darwin Streaming Server | 2025-04-03 | 5.0 MEDIUM | N/A | Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi. |
| CVE-2006-0600 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-03 | 5.0 MEDIUM | N/A | elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request. |
| CVE-2006-1895 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.5 MEDIUM | N/A | Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. |
| CVE-2000-0929 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability. |
| CVE-2005-0397 | 1 Imagemagick | 1 Imagemagick | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications. |
| CVE-2003-0393 | 1 Privacyware | 1 Privatefirewall | 2025-04-03 | 5.0 MEDIUM | N/A | Privacyware Privatefirewall 3.0 does not block certain incoming packets when in "Filter Internet Traffic" or "Deny Internet Traffic" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans. |
| CVE-2005-1816 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 4.6 MEDIUM | N/A | Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen. |
| CVE-2000-0227 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets. |
| CVE-1999-0116 | 1 Ibm | 2 Aix, Sng | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood. |
| CVE-2001-0722 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 6.4 MEDIUM | N/A | Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability." |