Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-1234 | 1 Dsportal | 1 Dscounter | 2025-04-03 | 5.1 MEDIUM | N/A | SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. |
| CVE-1999-0750 | 1 Microsoft | 1 Hotmail | 2025-04-03 | 5.1 MEDIUM | N/A | Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account. |
| CVE-2005-4493 | 1 Speartek | 1 Speartek | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. |
| CVE-2005-4234 | 1 Powerdev | 1 Encapsgallery | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2005-0993 | 1 Sco | 1 Openserver | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument. |
| CVE-2002-1486 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server. |
| CVE-2005-4534 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A | The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2001-0280 | 1 Atrium Software | 1 Mercur | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command. |
| CVE-2004-0915 | 2 Debian, Viewcvs | 2 Debian Linux, Viewcvs | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information. |
| CVE-2000-0544 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length. |
| CVE-2001-1422 | 1 Att | 1 Winvnc | 2025-04-03 | 7.5 HIGH | N/A | WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users. |
| CVE-2006-4724 | 1 Adobe | 1 Coldfusion | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. |
| CVE-1999-0169 | 1 Sun | 1 Nfs | 2025-04-03 | 10.0 HIGH | N/A | NFS allows attackers to read and write any file on the system by specifying a false UID. |
| CVE-2005-1192 | 1 Hp | 1 Hp-ux | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060. |
| CVE-2006-4845 | 1 George Lewe | 1 Teamcal Pro | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter. |
| CVE-2005-0117 | 1 Xshisen | 1 Xshisen | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS field. |
| CVE-2005-3394 | 1 Oaboard | 1 Oaboard | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module. |
| CVE-2004-0419 | 3 Gentoo, X.org, Xfree86 Project | 3 Linux, X11r6, Xdm | 2025-04-03 | 7.5 HIGH | N/A | XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions. |
| CVE-2005-0893 | 1 Smail | 1 Smail | 2025-04-03 | 7.6 HIGH | N/A | modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc. |
| CVE-2004-0977 | 4 Mandrakesoft, Postgresql, Redhat and 1 more | 6 Mandrake Linux, Mandrake Linux Corporate Server, Postgresql and 3 more | 2025-04-03 | 2.1 LOW | N/A | The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. |
| CVE-2005-2237 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. |
| CVE-2005-0047 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.2 HIGH | N/A | Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability." |
| CVE-2002-0990 | 1 Symantec | 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout. |
| CVE-2004-0614 | 1 Osticket | 1 Osticket Sts | 2025-04-03 | 6.4 MEDIUM | N/A | osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size. |
| CVE-2006-1946 | 1 Visale | 1 Visale | 2025-04-03 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi. |
| CVE-2003-1293 | 1 Nukedweb | 1 Guestbookhost | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the guestbook. |
| CVE-2004-0298 | 1 Aclogic | 1 Cesarftp | 2025-04-03 | 5.0 MEDIUM | N/A | CesarFTP 0.99e allows remote attackers to cause a denial of service (CPU consumption) via a long RETR parameter. |
| CVE-2001-0649 | 1 Apple | 1 Personal Web Sharing | 2025-04-03 | 5.0 MEDIUM | N/A | Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request. |
| CVE-2000-0214 | 1 Ftpx | 1 Ftp Explorer | 2025-04-03 | 4.6 MEDIUM | N/A | FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites. |
| CVE-2000-1207 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A | userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844). |
| CVE-2005-0539 | 1 Ibm | 1 Hardware Management Console | 2025-04-03 | 4.6 MEDIUM | N/A | Unknown vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard. |
| CVE-2005-1339 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A | lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name. |
| CVE-2004-1876 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 4.6 MEDIUM | N/A | The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name. |
| CVE-1999-0776 | 1 Computer Software Manufaktur | 1 Alibaba | 2025-04-03 | 5.0 MEDIUM | N/A | Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. |
| CVE-2006-3873 | 1 Microsoft | 4 Ie, Windows 2000, Windows 2003 Server and 1 more | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869. |
| CVE-1999-0127 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root access. |
| CVE-2004-0300 | 1 Ecommerce Corporation Online | 1 Store Kit | 2025-04-03 | 10.0 HIGH | N/A | SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php. |
| CVE-2001-0541 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file. |
| CVE-2006-0373 | 1 Douran | 1 Followweb | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2003-0767 | 1 Gamespy | 2 Roger Wilco Dedicated Server, Roger Wilco Graphical Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value. |