Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-1685 | 1 Smc Networks | 2 Smc7004vwbr, Smc7008abr | 2025-04-03 | 7.5 HIGH | N/A | SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages. |
| CVE-2005-2070 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 5.0 MEDIUM | N/A | The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading. |
| CVE-2004-1909 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 2.6 LOW | N/A | Clam Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm. |
| CVE-2005-4018 | 1 Landshop | 1 Real Estate Commerce System | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) start, (2) search_order, (3) search_type, (4) search_area, and (5) keyword parameters. |
| CVE-2004-0618 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A | FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument. |
| CVE-2003-1194 | 1 Booby | 1 Booby | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message. |
| CVE-2006-1740 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2025-04-03 | 2.6 LOW | N/A | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. |
| CVE-2001-1036 | 2 Gnu, Slackware | 2 Findutils, Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A | GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory. |
| CVE-2005-3785 | 1 Gentoo | 1 Linux Eix | 2025-04-03 | 5.0 MEDIUM | N/A | Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program. |
| CVE-1999-1402 | 2 Freebsd, Sun | 3 Freebsd, Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A | The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket. |
| CVE-2005-1707 | 1 Gentoo | 1 Linux Webapp-config | 2025-04-03 | 4.6 MEDIUM | N/A | The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file. |
| CVE-2005-1841 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 2.1 LOW | N/A | The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it. |
| CVE-2006-2858 | 1 Locazo | 1 Locazolist Classifieds | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1.05e allows remote attackers to execute arbitrary SQL commands via the msgid parameter. |
| CVE-2005-3630 | 1 Redhat | 1 Fedora Core | 2025-04-03 | 5.0 MEDIUM | N/A | Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives. |
| CVE-2003-1071 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A | rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header. |
| CVE-2003-0138 | 1 Mit | 1 Kerberos | 2025-04-03 | 7.5 HIGH | N/A | Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. |
| CVE-2006-2488 | 1 Spymac | 1 Spymac Web Os | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c) login.php. |
| CVE-2001-1236 | 1 Sebastian Bunka | 1 Myphppagetool | 2025-04-03 | 7.5 HIGH | N/A | myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable. |
| CVE-2003-0428 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string. |
| CVE-2001-0243 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 5.0 MEDIUM | N/A | Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files. |
| CVE-2005-4546 | 1 Epic Designs | 1 Eggblog | 2025-04-03 | 7.8 HIGH | N/A | search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability. |
| CVE-2000-0961 | 1 Netscape | 2 Messaging Server, Netscape Messaging Server Multiplexor | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. |
| CVE-2005-3953 | 1 Bedeng Psp | 1 Bedeng Psp | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php. |
| CVE-2005-3895 | 1 Otrs | 1 Otrs | 2025-04-03 | 5.8 MEDIUM | N/A | Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources. |
| CVE-2005-0861 | 1 Delegate | 1 Delegate | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays." |
| CVE-2005-3823 | 1 Vtiger | 1 Vtiger Crm | 2025-04-03 | 7.5 HIGH | N/A | The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function. |
| CVE-2001-0407 | 1 Oracle | 1 Mysql | 2025-04-03 | 4.6 MEDIUM | N/A | Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). |
| CVE-1999-1502 | 1 Id Software | 1 Quake | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command. |
| CVE-2002-0573 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed. |
| CVE-2004-1432 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed (1) IP or (2) ICMP packets. |
| CVE-2002-1371 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2025-04-03 | 7.5 HIGH | N/A | filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif. |
| CVE-2000-0478 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 5.0 MEDIUM | N/A | In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server. |
| CVE-2002-2073 | 1 Microsoft | 3 Site Server, Site Server Commerce, Windows Nt | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp. |
| CVE-2001-0737 | 1 Logitech | 4 Cordless Freedom, Cordless Freedom Navigator, Cordless Freedom Pro and 1 more | 2025-04-03 | 7.5 HIGH | N/A | A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack. |
| CVE-2005-1430 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 3.6 LOW | N/A | Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users. |
| CVE-2001-1389 | 1 Xinetd | 1 Xinetd | 2025-04-03 | 7.5 HIGH | N/A | Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination. |
| CVE-2006-0823 | 1 Geeklog | 1 Geeklog | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php. |
| CVE-2004-1974 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 5.0 MEDIUM | N/A | paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an error message. |
| CVE-2005-3139 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A | Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. |
| CVE-2002-2205 | 1 Webresolve | 1 Webresolve | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Webresolve 0.1.0 and earlier allows remote attackers to execute arbitrary code by connecting to the server from an IP address that resolves to a long hostname. |