Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1409 | 1 Singapore | 1 Image Gallery Web Application | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML.
|
|||||
| CVE-2002-0892 | 1 New Atlanta Communications | 1 Servletexec Isapi | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.
|
|||||
| CVE-2000-0615 | 1 Astart Technologies | 1 Lprng | 2025-04-03 | 2.1 LOW | N/A |
|
LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.
|
|||||
| CVE-2002-1777 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 7.5 HIGH | N/A |
|
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is used by Outlook to obtain the file name. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but Norton AntiVirus or the Office plug-in would detect the virus befor ...
Show More |
|||||
| CVE-2004-1588 | 1 Gosmart | 1 Gosmart Message Board | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password parameter to Login_Exec.asp.
|
|||||
| CVE-2004-2258 | 1 Hummingbird | 1 Exceed | 2025-04-03 | 2.1 LOW | N/A |
|
Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.
|
|||||
| CVE-2004-0529 | 1 Cluecentral | 1 Suexec.patch | 2025-04-03 | 7.2 HIGH | N/A |
|
The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
|
|||||
| CVE-2006-4762 | 1 Rssreader | 1 Rssreader | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
|
|||||
| CVE-2000-0581 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.
|
|||||
| CVE-2001-0747 | 1 Iplanet | 1 Iplanet Web Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, service packs 3 through 7, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long method name in an HTTP request.
|
|||||
| CVE-2004-0390 | 1 Sco | 1 Openserver | 2025-04-03 | 7.5 HIGH | N/A |
|
SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods.
|
|||||
| CVE-2000-0865 | 1 Tridia | 1 Doublevision | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument.
|
|||||
| CVE-2005-1254 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument.
|
|||||
| CVE-2003-1288 | 1 Vserver | 1 Linux-vserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions.
|
|||||
| CVE-2002-1573 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling."
|
|||||
| CVE-2005-2572 | 1 Oracle | 1 Mysql | 2025-04-03 | 8.5 HIGH | N/A |
|
MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.
|
|||||
| CVE-2003-0717 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Me and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
|
|||||
| CVE-2005-4253 | 1 Torrential | 1 Torrential | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL. NOTE: this might be resultant from CVE-2005-4160.
|
|||||
| CVE-2002-0272 | 1 Mpg321 | 1 Mpg321 | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflows in mpg321 before 0.2.9 allows local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request, or (3) an FTP request.
|
|||||
| CVE-2006-0242 | 1 Php Fusebox | 1 Php Fusebox | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter.
|
|||||
| CVE-2006-0516 | 1 Sun | 1 Solaris | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.
|
|||||
| CVE-2005-3429 | 1 Rockliffe | 1 Mailsite Express | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.
|
|||||
| CVE-2004-2138 | 1 Allwebscripts | 1 Mysqlguest | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScripts MySQLGuest allows remote attackers to inject arbitrary HTML and PHP code via the (1) Name, (2) Email, (3) Homepage or (4) Comments field.
|
|||||
| CVE-2006-2413 | 1 Gnunet | 1 Gnunet | 2025-04-03 | 5.0 MEDIUM | N/A |
|
GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors.
|
|||||
| CVE-2002-0548 | 1 Anthill | 1 Anthill | 2025-04-03 | 7.5 HIGH | N/A |
|
Anthill allows remote attackers to bypass authentication and file bug reports by directly accessing the postbug.php program instead of enterbug.php.
|
|||||
| CVE-2004-0566 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
|
|||||
| CVE-2003-0140 | 1 Mutt | 1 Mutt | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.
|
|||||
| CVE-2006-0508 | 1 Easy Cms | 1 Easy Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory.
|
|||||
| CVE-2004-0675 | 1 Mcmurtrey Whitaker And Associates | 1 Cart32 | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.
|
|||||
| CVE-1999-0341 | 2 Debian, Slackware | 2 Debian Linux, Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the Linux mail program "deliver" allows local users to gain root access.
|
|||||
| CVE-1999-0242 | 1 Slackware | 1 Slackware Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
Remote attackers can access mail files via POP3 in some Linux systems that are using shadow passwords.
|
|||||
| CVE-2006-3056 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter.
|
|||||
| CVE-2000-1056 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | 7.5 HIGH | N/A |
|
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.
|
|||||
| CVE-2005-1436 | 1 Osticket | 1 Osticket | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket.
|
|||||
| CVE-2000-1021 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
|
|||||
| CVE-1999-1518 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.
|
|||||
| CVE-2004-0486 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.6 HIGH | N/A |
|
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
|
|||||
| CVE-2006-1256 | 1 Skullsplitter | 1 Php Guestbook | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
|
|||||
| CVE-2005-4761 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 1.2 LOW | N/A |
|
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used.
|
|||||
| CVE-2006-0037 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A |
|
ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service (memory corruption or crash) via a crafted outbound packet that causes an incorrect offset to be calculated from pointer arithmetic when non-linear SKBs (socket buffers) are used.
|
|||||