Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1789 | 1 Georges Auberger | 1 Pajax | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to read arbitrary files via the $className variable. | | | | | |
| CVE-2006-3717 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS03 and (2) APPS04 for Oracle Application Object Library; and (3) APPS20 for Oracle XML Gateway. | | | | | |
| CVE-2000-0476 | 4 Michael Jennings, Putty, Rxvt and 1 more | 4 Eterm, Putty, Rxvt and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized. | | | | | |
| CVE-2005-3213 | 1 Frisk Software | 1 F-prot Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of F-Prot Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | | | | | |
| CVE-2006-0885 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter. | | | | | |
| CVE-2006-0978 | 1 Argosoft | 1 Argosoft Mail Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers. | | | | | |
| CVE-2005-3391 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd. | | | | | |
| CVE-1999-0074 | 4 Freebsd, Linux, Microsoft and 1 more | 4 Freebsd, Linux Kernel, Windows Nt and 1 more | 2025-04-03 | 6.4 MEDIUM | N/A |
| Listening TCP ports are sequentially allocated, allowing spoofing attacks. | | | | | |
| CVE-2001-1062 | 1 Caldera | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code. | | | | | |
| CVE-2006-4561 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.5 HIGH | N/A |
| Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. | | | | | |
| CVE-2002-1771 | 1 Matt Wright | 1 Formmail | 2025-04-03 | 5.0 MEDIUM | N/A |
| Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables. | | | | | |
| CVE-2002-1403 | 1 Phystech | 1 Dhcpcd | 2025-04-03 | 7.2 HIGH | N/A |
| dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script. | | | | | |
| CVE-2005-0921 | 1 Microsoft | 1 Outlook Connector | 2025-04-03 | 4.6 MEDIUM | N/A |
| Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy. | | | | | |
| CVE-2006-0429 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A |
| BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions. | | | | | |
| CVE-2000-0083 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
| HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges. | | | | | |
| CVE-2002-0878 | 1 Logisense | 2 Dns Manager System, Hawk-i | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login form for LogiSense software including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Manager allows remote attackers to bypass authentication via SQL code in the password field. | | | | | |
| CVE-2000-0835 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter. | | | | | |
| CVE-2005-3944 | 1 Faq System | 1 Faq System | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEY_ID parameter. | | | | | |
| CVE-2006-4853 | 1 Haberx | 1 Haberx | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp. | | | | | |
| CVE-2004-0615 | 2 D-link, Dlink | 3 Di-614+, Di-704p, Di-624 | 2025-04-03 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | | | | | |
| CVE-2006-1557 | 1 Skintech | 1 X-changer | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote attackers to execute arbitrary SQL commands via the (1) from and (2) into parameters in a calculate action, and the (3) id parameter in an edit action to index.php. | | | | | |
| CVE-2005-4518 | 1 Mantis | 1 Mantis | 2025-04-03 | 7.5 HIGH | N/A |
| Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php. | | | | | |
| CVE-2005-1819 | 1 Nikosoft | 1 Webmail | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | | | | | |
| CVE-2006-0444 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2025-04-03 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax. | | | | | |
| CVE-2005-2723 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.php in PaFileDB 3.1, when authmethod is set to cookies, allows remote attackers to execute arbitrary SQL commands via the username value in the pafiledbcookie cookie. | | | | | |
| CVE-2002-1158 | 1 Canna | 1 Canna | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user. | | | | | |
| CVE-2006-1683 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name. | | | | | |
| CVE-1999-0632 | | | 2025-04-03 | N/A | N/A |
| The RPC portmapper service is running. | | | | | |
| CVE-2000-1103 | 1 Bsdi | 1 Bsd Os | 2025-04-03 | 7.2 HIGH | N/A |
| rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line. | | | | | |
| CVE-2005-3233 | 1 Trustix | 1 Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Trustix Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | | | | | |
| CVE-2006-1007 | 1 Nathan Landry | 1 N8cms Sitesuite Cms | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) dir and (2) page_id parameter to index.php. | | | | | |
| CVE-2001-0044 | 1 Lexmark | 1 Markvision | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Lexmark MarkVision printer driver programs allow local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands. | | | | | |
| CVE-2003-0694 | 11 Apple, Compaq, Freebsd and 8 more | 18 Mac Os X, Mac Os X Server, Tru64 and 15 more | 2025-04-03 | 10.0 HIGH | N/A |
| The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. | | | | | |
| CVE-2004-0047 | 1 Yamamoto Hirotaka | 1 Trr19 | 2025-04-03 | 4.6 MEDIUM | N/A |
| Multiple programs in trr19 1.0 do not properly drop privileges before executing a system command, which could allow local users to gain privileges. | | | | | |
| CVE-2003-0141 | 1 Realnetworks | 3 Realone Enterprise Desktop, Realone Player, Realplayer | 2025-04-03 | 5.1 MEDIUM | N/A |
| The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length. | | | | | |
| CVE-2000-0891 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 7.5 HIGH | N/A |
| A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email. | | | | | |
| CVE-1999-0079 | 1 Bisonware | 1 Bisonware Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports. | | | | | |
| CVE-2000-0979 | 1 Microsoft | 4 Windows 95, Windows 98, Windows 98se and 1 more | 2025-04-03 | 6.4 MEDIUM | N/A |
| File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability. | | | | | |
| CVE-2000-0766 | 1 Vqsoft | 1 Vqserver | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request. | | | | | |
| CVE-2005-1477 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.1 MEDIUM | N/A |
| The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. | | | | | |