Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0216 | 1 Microsoft | 3 Exchange Server, Outlook, Windows Messaging | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.
|
|||||
| CVE-2001-1251 | 2 Max Feoktistov, Vwebserver | 2 Small Http Server, Vwebserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.
|
|||||
| CVE-2006-0305 | 1 Clipcomm | 2 Cp-100e Voip Wifi Phone, Cpw-100e Voip Wifi Phone | 2025-04-03 | 7.5 HIGH | N/A |
|
Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware 1.1.12 (051129) and CP-100E VoIP 802.11b Wireless Phone running firmware 1.1.60 allows remote attackers to gain unauthorized access via the debug service on TCP port 60023.
|
|||||
| CVE-2005-0358 | 2 Emc, Sun | 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software | 2025-04-03 | 7.5 HIGH | N/A |
|
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
|
|||||
| CVE-2006-0499 | 1 Yourboard | 1 Rlink | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2005-2915 | 1 Linksys | 1 Wrt54g | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914.
|
|||||
| CVE-2005-0956 | 1 Interakt | 1 Mx Kart | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kart 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_man parameter.
|
|||||
| CVE-2003-0665 | 1 Microsoft | 1 Access | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
|
|||||
| CVE-2005-4201 | 1 Showalbumonline | 1 My Album Online | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary files via ".../" (triple dot) sequences in unspecified vectors.
|
|||||
| CVE-2005-1706 | 1 Mailscanner | 1 Mailscanner | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection.
|
|||||
| CVE-1999-0856 | 1 Slackware | 1 Slackware Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist.
|
|||||
| CVE-2001-0056 | 1 Cisco | 1 Broadband Operating System | 2025-04-03 | 7.5 HIGH | N/A |
|
The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.
|
|||||
| CVE-2005-0547 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."
|
|||||
| CVE-2006-3595 | 1 Cisco | 1 Router Web Setup | 2025-04-03 | 7.5 HIGH | N/A |
|
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
|
|||||
| CVE-2005-1307 | 2 Adobe, Apple | 2 Version Cue, Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
|
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.
|
|||||
| CVE-2006-4282 | 1 Mamboxchange | 1 Mambowiki | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.
|
|||||
| CVE-2005-4556 | 3 Deerfield, Icewarp, Merak | 3 Visnetic Mail Server, Web Mail, Mail Server | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php.
|
|||||
| CVE-2006-2543 | 1 Xtreme Scripts | 1 Xtreme Topsites | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php.
|
|||||
| CVE-2005-3566 | 1 Symantec Veritas | 4 Cluster Server, Sanpoint Control Quickstart, Storage Foundation and 1 more | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew.
|
|||||
| CVE-2001-0246 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability.
|
|||||
| CVE-2000-0184 | 2 Mandrakesoft, Redhat | 2 Mandrake Linux, Linux | 2025-04-03 | 2.1 LOW | N/A |
|
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
|
|||||
| CVE-2005-0463 | 1 Inl | 1 Ulog-php | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php.
|
|||||
| CVE-2006-2735 | 1 Activity Mod Plus | 1 Activity Mod Plus | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507.
|
|||||
| CVE-2006-1372 | 1 Benson It Solutions | 1 1webcalendar | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.
|
|||||
| CVE-2005-1951 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.
|
|||||
| CVE-2004-1538 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2006-3080 | 1 Axent | 1 Axentforum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForum II and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.
|
|||||
| CVE-2001-0185 | 1 Netopia | 1 R9100 Router | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash.
|
|||||
| CVE-2000-0201 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.
|
|||||
| CVE-2000-0161 | 1 Microsoft | 1 Site Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.
|
|||||
| CVE-2000-1171 | 1 Markus Triska | 1 Cgiforum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to ready arbitrary files via a .. (dot dot) attack in the "thesection" parameter.
|
|||||
| CVE-2006-2755 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords.
|
|||||
| CVE-2006-1641 | 1 Czaries Network | 1 Czarnews | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to (c) dpost.php.
|
|||||
| CVE-2006-2148 | 1 Cgiirc | 1 Cgiirc | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string.
|
|||||
| CVE-2006-0922 | 1 Devellion | 1 Cubecart | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.
|
|||||
| CVE-2005-3454 | 1 Oracle | 1 Collaboration Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar; (5) OCS05, (6) OCS06, (7) OCS07, (8) OCS08, (9) OCS09, and (10) OCS10 for Email Server; and (11) OCS11, (12) OCS12, and (13) OCS13 for Oracle Files.
|
|||||
| CVE-2000-1175 | 1 Jan Hubicka | 1 Koules | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument.
|
|||||
| CVE-2004-1112 | 2 Cisco, Okena | 2 Security Agent, Stormwatch | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
|
|||||
| CVE-2004-2366 | 1 Globalscape | 1 Secure Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 allows remote attackers to cause a denial of service (crash) via a SITE command with a long argument.
|
|||||
| CVE-2001-1216 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
|
|||||