Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1380 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
|
|||||
| CVE-2002-0340 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A |
|
Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content.
|
|||||
| CVE-2006-0498 | 1 Php Gen | 1 Php Gen | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
|
|||||
| CVE-1999-0096 | 3 Bsdi, Freebsd, Sco | 4 Bsd Os, Freebsd, Internet Faststart and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sendmail decode alias can be used to overwrite sensitive files.
|
|||||
| CVE-2005-2307 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
|
|||||
| CVE-1999-0162 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering.
|
|||||
| CVE-2001-0147 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
|
|||||
| CVE-2005-3476 | 1 Hp | 1 Openvms | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and OpenVMS Alpha 7.3-2 and 8.2, allows local users to cause a denial of service.
|
|||||
| CVE-2006-2904 | 1 Particle Soft | 1 Particle Links | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
|
|||||
| CVE-2005-0007 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash from assertion).
|
|||||
| CVE-2001-0900 | 1 Francisco Burzi | 1 Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter.
|
|||||
| CVE-2005-0669 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module.
|
|||||
| CVE-2002-0572 | 3 Freebsd, Openbsd, Sun | 4 Freebsd, Openbsd, Solaris and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
|
|||||
| CVE-2004-1476 | 2 Suse, Xine | 3 Suse Linux, Xine, Xine-lib | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.
|
|||||
| CVE-1999-1434 | 1 Slackware | 1 Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server.
|
|||||
| CVE-2005-4277 | 1 Toenda Software Development | 1 Toendacms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||
| CVE-2005-4700 | 1 Tellme | 1 Tellme | 2025-04-03 | 5.0 MEDIUM | N/A |
|
TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message.
|
|||||
| CVE-2006-2290 | 1 Www.goel.ch | 1 2005-comments-script | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) email, and (3) url parameter.
|
|||||
| CVE-2000-0081 | 1 Microsoft | 1 Hotmail | 2025-04-03 | 10.0 HIGH | N/A |
|
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.
|
|||||
| CVE-2006-2257 | 1 Faktorystudios | 1 Easyevent | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter.
|
|||||
| CVE-2002-0089 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.
|
|||||
| CVE-2006-3886 | 1 Musicbox | 1 Musicbox | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. NOTE: the start parameter/search action is already covered by CVE-2006-1807, and the show parameter/top action is already covered by CVE-2006-1360.
|
|||||
| CVE-2003-1321 | 1 Avant Force | 1 Avant Browser | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Avant Browser 8.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.
|
|||||
| CVE-2004-0139 | 1 Sgi | 1 Irix | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibly earlier versions, in which "t_unbind changes t_bind's behavior," has unknown impact and attack vectors.
|
|||||
| CVE-2005-1083 | 1 Aewebworks | 1 Aedating | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter.
|
|||||
| CVE-2004-2151 | 1 Virtual Projects | 1 Chatman | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via a very large data size.
|
|||||
| CVE-2003-0986 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | 1.7 LOW | N/A |
|
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
|
|||||
| CVE-2005-0671 | 1 Ca3de | 1 Ca3de | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via format string specifiers in a command.
|
|||||
| CVE-2005-0652 | 1 Hp | 1 Openvms | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files.
|
|||||
| CVE-2006-3982 | 1 Knusperleicht | 1 Quickie | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in quickie.php in Knusperleicht Quickie, probably 0.2, allows remote attackers to execute arbitrary PHP code via a URL in the QUICK_PATH parameter.
|
|||||
| CVE-2005-0920 | 1 Bugtracker.net | 1 Bugtracker.net | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2002-0118 | 1 Infopop | 1 Ultimate Bulletin Board | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
|
|||||
| CVE-2001-0279 | 2 Debian, Mandrakesoft | 3 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.
|
|||||
| CVE-2000-0344 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value.
|
|||||
| CVE-2006-3169 | 1 Comscripts | 1 Cs-forum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php.
|
|||||
| CVE-2002-1081 | 1 Aprelium Technologies | 1 Abyss Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a "+" character.
|
|||||
| CVE-2005-1687 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.
|
|||||
| CVE-1999-1189 | 1 Netscape | 2 Communicator, Navigator | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
|
|||||
| CVE-1999-0763 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 6.4 MEDIUM | N/A |
|
NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.
|
|||||
| CVE-2001-0707 | 1 Denicomp | 1 Rshd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a denial of service (crash) via a long string to port 514.
|
|||||