Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-0341 | 1 Owl | 1 Owl Intranet Engine | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field. |
| CVE-2006-4916 | 1 Asp Indir | 1 Tekman Portal | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter. |
| CVE-2002-1396 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. |
| CVE-2006-0328 | 1 Philippe Jounin | 1 Tftpd32 | 2025-04-03 | 5.0 MEDIUM | N/A | Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request. |
| CVE-2002-0385 | 1 Vignette | 2 Storyserver, Vignette | 2025-04-03 | 5.0 MEDIUM | N/A | Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of '"' (double quote) and '>' characters, which causes the TCL interpreter to crash and include stack data in the output. |
| CVE-2003-1109 | 1 Cisco | 4 Ios, Ip Phone 7940, Ip Phone 7960 and 1 more | 2025-04-03 | 7.5 HIGH | N/A | The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
| CVE-2005-0334 | 1 Linksys | 1 Psus4 Printserver | 2025-04-03 | 5.0 MEDIUM | N/A | Linksys PSUS4 running firmware 6032 allows remote attackers to cause a denial of service (device crash) via an HTTP POST request containing an unknown parameter without a value. |
| CVE-2005-3310 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 3.5 LOW | N/A | Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005 ... |
| CVE-2001-0145 | 1 Microsoft | 2 Outlook, Outlook Express | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field. |
| CVE-2005-1713 | 1 S9y | 1 Serendipity | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins. |
| CVE-2006-3584 | 1 Jetbox | 1 Jetbox Cms | 2025-04-03 | 7.5 HIGH | N/A | Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables. |
| CVE-2004-0770 | 2 Debian, Dgen | 2 Debian Linux, Emulator | 2025-04-03 | 2.1 LOW | N/A | romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files. |
| CVE-2002-2107 | 1 Veridis | 1 Openkeyserver | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the lookup script in Veridis OpenKeyServer (OKS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| CVE-2004-0779 | 2 Firebirdsql, Mozilla | 3 Firebird, Firefox, Mozilla | 2025-04-03 | 7.5 HIGH | N/A | The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site. |
| CVE-2004-0545 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2002-0178 | 1 Gnu | 1 Sharutils | 2025-04-03 | 7.2 HIGH | N/A | uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. |
| CVE-2005-1832 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php. |
| CVE-2006-2161 | 3 Cam Development, Erik Dienske, Roger Aelbrecht | 3 Cam Unzip, Abakt, Tzipbuilder | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a ZIP archive that contains a file with a long file name. |
| CVE-1999-1368 | 1 Broadcom | 1 Inoculateit | 2025-04-03 | 7.5 HIGH | N/A | AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detection if a user's rules cause the message to be moved to a different mailbox. |
| CVE-2004-2041 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code. |
| CVE-2006-0167 | 1 Myphpim | 1 Myphpim | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter in calendar.php3 and the (2) password field on the login page. |
| CVE-2005-2011 | 1 Php Arena | 1 Pafaq | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action. |
| CVE-2003-1277 | 1 Yabb | 1 Yabb | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html. |
| CVE-2001-1174 | 1 Elm Development Group | 1 Elm | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header. |
| CVE-2003-0756 | 1 Sitebuilder | 1 Sitebuilder | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the selectedpage parameter. |
| CVE-2005-2974 | 1 Libungif | 1 Libungif | 2025-04-03 | 2.6 LOW | N/A | libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference. |
| CVE-2000-1041 | 1 Swen Thuemmler | 1 Ypbind | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges. |
| CVE-1999-0086 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A | AIX routed allows remote users to modify sensitive files. |
| CVE-2006-2611 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the \| (pipe) character. |
| CVE-2001-1051 | 1 Dark Hart Portal | 1 Darkportal-unix | 2025-04-03 | 7.5 HIGH | N/A | Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
| CVE-2004-1520 | 1 Ipswitch | 1 Imail | 2025-04-03 | 4.6 MEDIUM | N/A | Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command. |
| CVE-2002-1875 | 1 Mcafee | 1 Entercept Agent | 2025-04-03 | 4.6 MEDIUM | N/A | Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and conceal their identity. |
| CVE-1999-1048 | 2 Debian, Redhat | 2 Debian Linux, Linux | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory. |
| CVE-2000-0536 | 1 Xinetd | 1 Xinetd | 2025-04-03 | 7.5 HIGH | N/A | xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry. |
| CVE-2004-0083 | 2 Openbsd, Xfree86 Project | 2 Openbsd, X11r6 | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106. |
| CVE-2001-1182 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges. |
| CVE-1999-1376 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. |
| CVE-2000-0519 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A | Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities. |
| CVE-2002-1503 | 1 Afd | 1 Afd | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc. |
| CVE-2003-0309 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability." |