Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-0746 | 1 Xpdf | 1 Xpdf | 2025-04-03 | 7.5 HIGH | N/A | Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627. |
| CVE-2000-0968 | 1 Valve Software | 1 Half-life Dedicated Server | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command. |
| CVE-2002-1321 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename. |
| CVE-1999-0345 | 4 Freebsd, Ibm, Sco and 1 more | 7 Freebsd, Aix, Sng and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A | Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. |
| CVE-2002-0782 | 1 Novell | 1 Bordermanager | 2025-04-03 | 5.0 MEDIUM | N/A | Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface. |
| CVE-1999-0843 | 1 Cisco | 1 Router | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service in Cisco routers running NAT via a PORT command from an FTP client to a Telnet port. |
| CVE-2001-0065 | 1 Max-wilhelm Bruker | 1 Bftpd | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command. |
| CVE-2006-3835 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A | Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. |
| CVE-2000-0334 | 1 Allaire | 1 Spectra | 2025-04-03 | 2.1 LOW | N/A | The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule. |
| CVE-2006-2243 | 1 Web4future | 1 News Portal | 2025-04-03 | 5.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. NOTE: this issue might be resultant from SQL injection. |
| CVE-2005-3297 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.5 HIGH | N/A | Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2006-1585 | 1 3dsrc | 1 Monalbum | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via (1) the pc parameter in (a) index.php and (2) pnom, (3) pcourriel, and (4) pcommentaire parameters in (b) image_agrandir.php. |
| CVE-2001-0435 | 1 Pgp | 1 Pgp | 2025-04-03 | 4.6 MEDIUM | N/A | The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate. |
| CVE-2000-0933 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A | The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability. |
| CVE-2006-0080 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php. |
| CVE-2002-1108 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. |
| CVE-2000-0895 | 1 Watchguard | 1 Soho Firewall | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request. |
| CVE-2003-1179 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, or (5) the base_path parameter to common.inc.php. |
| CVE-2002-1068 | 1 D-link | 1 Dp-303 | 2025-04-03 | 5.0 MEDIUM | N/A | The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request. |
| CVE-2006-0162 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. |
| CVE-2000-0351 | 1 Sco | 1 Unixware | 2025-04-03 | 4.6 MEDIUM | N/A | Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages. |
| CVE-2005-2285 | 1 Esi Products | 1 Webeoc | 2025-04-03 | 5.0 MEDIUM | N/A | WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as usernames, passwords, emergency information, medical information, and system configuration. |
| CVE-2001-1518 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 2.1 LOW | N/A | RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability; however, the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability. |
| CVE-2002-0387 | 1 Sun | 1 One Application Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL. |
| CVE-2005-1372 | 1 Bakbone | 1 Netvault | 2025-04-03 | 4.6 MEDIUM | N/A | The nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu. |
| CVE-2004-1704 | 1 Wire Plastic Design | 1 Wpquiz | 2025-04-03 | 7.5 HIGH | N/A | WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory. |
| CVE-2002-1983 | 1 Qnx | 1 Rtos | 2025-04-03 | 2.1 LOW | N/A | The timer implementation in QNX RTOS 6.1.0 allows local users to cause a denial of service (hang) and possibly execute arbitrary code by creating multiple timers with a 1-ms tick. |
| CVE-2002-1943 | 1 Safetp | 1 Safetp Server | 2025-04-03 | 5.0 MEDIUM | N/A | SafeTP 1.46, when network address translation (NAT) is being used, leaks the internal IP address of the FTP server in a response to a passive mode (PASV) file transfer request. |
| CVE-2006-2665 | 1 V-webmail | 1 V-webmail | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. |
| CVE-2002-2010 | 1 Htdig | 1 Htdig | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter. |
| CVE-2000-0015 | 1 Ascend | 1 Cascadeview Ux | 2025-04-03 | 4.6 MEDIUM | N/A | CascadeView TFTP server allows local users to gain privileges via a symlink attack. |
| CVE-2005-0534 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script. |
| CVE-1999-0258 | 1 Microsoft | 2 Windows 95, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Bonk variation of teardrop IP fragmentation denial of service. |
| CVE-2004-1664 | 1 Activision | 2 Call Of Duty, Call Of Duty United Offensive | 2025-04-03 | 5.0 MEDIUM | N/A | Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. NOTE: this issue might overlap CVE-2005-0430. |
| CVE-2001-0039 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A | IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes. |
| CVE-2005-0935 | 1 Esmi | 1 Paypal Storefront | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php. |
| CVE-2006-2119 | 1 Artmedic Webdesign | 1 Artmedic Event | 2025-04-03 | 5.0 MEDIUM | N/A | PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter. |
| CVE-2004-0538 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A | LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user. |
| CVE-2006-3674 | 1 Armagetron | 1 Armagetron Advanced | 2025-04-03 | 7.8 HIGH | N/A | nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a large number handled by the id_req_handler function. |
| CVE-2006-2406 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2025-04-03 | 2.6 LOW | N/A | Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related to, but a different vulnerability than, the ABBC[Config][smileset] parameter. |