Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1105 | 1 Microsoft | 1 Indexing Service | 2025-04-03 | 4.3 MEDIUM | N/A |
| The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled. | | | | | |
| CVE-2005-3223 | 1 Rising | 1 Rising Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Rising Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | | | | | |
| CVE-2006-1445 | 1 Apple | 1 Mac Os X | 2025-04-03 | 6.5 MEDIUM | N/A |
| Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling." | | | | | |
| CVE-2005-1326 | 1 Voodoo Circle | 1 Voodoo Circle | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote authenticated attackers to cause a denial of service (client crash) via a crafted packet. | | | | | |
| CVE-2006-1427 | 1 Web-app.org | 1 Webapp | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi. | | | | | |
| CVE-2006-4372 | 1 Constructor Component | 1 Constructor Component | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | | | | | |
| CVE-2003-0255 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 10.0 HIGH | N/A |
| The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path. | | | | | |
| CVE-2004-1373 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file. | | | | | |
| CVE-2006-4451 | 1 Cj Design | 1 Cj Tag Board | 2025-04-03 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php. | | | | | |
| CVE-2006-3484 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php. | | | | | |
| CVE-1999-0556 | | | 2025-04-03 | 10.0 HIGH | N/A |
| Two or more Unix accounts have the same UID. | | | | | |
| CVE-2005-3579 | 1 Walla Telesite | 1 Walla Telesite | 2025-04-03 | 5.0 MEDIUM | N/A |
| ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring. | | | | | |
| CVE-2006-1917 | 1 Blackorpheus | 1 Clanmemberskript | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter. | | | | | |
| CVE-1999-1588 | 1 Sun | 1 Solaris | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766. | | | | | |
| CVE-2005-3151 | 1 Blender | 1 Blender | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument. | | | | | |
| CVE-2000-0348 | 1 Sco | 1 Unixware | 2025-04-03 | 10.0 HIGH | N/A |
| A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges. | | | | | |
| CVE-2004-0732 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter. | | | | | |
| CVE-2003-1161 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
| exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing `__WCLONE\|__WALL` to the sys_wait4 function. | | | | | |
| CVE-1999-0418 | | | 2025-04-03 | 6.4 MEDIUM | N/A |
| Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many "RCPT TO" commands in the same connection. | | | | | |
| CVE-2004-1161 | 2 Gentoo, Rssh | 2 Linux, Rssh | 2025-04-03 | 7.5 HIGH | N/A |
| rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S. | | | | | |
| CVE-2002-0700 | 1 Microsoft | 1 Content Management Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise." | | | | | |
| CVE-2003-0583 | 1 Tolis Group | 1 Bru | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via a long command line argument. | | | | | |
| CVE-2004-0327 | 1 Skintech | 1 Phpnewsmanager | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter. | | | | | |
| CVE-1999-0433 | 5 Netbsd, Redhat, Slackware and 2 more | 5 Netbsd, Linux, Slackware Linux and 2 more | 2025-04-03 | 4.6 MEDIUM | N/A |
| XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service. | | | | | |
| CVE-2005-0826 | 1 Ollydbg | 1 Ollydbg | 2025-04-03 | 5.0 MEDIUM | N/A |
| OllyDbg 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a dynamic link library (DLL) with a long filename. | | | | | |
| CVE-2005-1853 | 1 University Of Minnesota | 1 Gopher | 2025-04-03 | 7.2 HIGH | N/A |
| gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges. | | | | | |
| CVE-2005-3792 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allow remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. | | | | | |
| CVE-2006-4371 | 1 Alt-n | 1 Webadmin | 2025-04-03 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm. | | | | | |
| CVE-2003-0364 | 1 Redhat | 1 Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions. | | | | | |
| CVE-2005-0915 | 1 Webmasters-debutants | 1 Wd Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
| Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php. | | | | | |
| CVE-2006-0463 | 1 Ideosoft Design | 1 Ideocontent Manager | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news_full.php. | | | | | |
| CVE-2005-0821 | 1 Citrix | 1 Metaframe Conferencing Manager | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. | | | | | |
| CVE-2000-0480 | 1 Shadow Op Software | 1 Dragon Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Dragon telnet server allows remote attackers to cause a denial of service via a long username. | | | | | |
| CVE-2004-2579 | 1 Novell | 1 Ichain | 2025-04-03 | 7.5 HIGH | N/A |
| ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding." | | | | | |
| CVE-2002-0039 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
| rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths. | | | | | |
| CVE-2004-1037 | 2 Gentoo, Twiki | 2 Linux, Twiki | 2025-04-03 | 10.0 HIGH | N/A |
| The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string. | | | | | |
| CVE-2002-1758 | 1 Phprojekt | 1 Phprojekt | 2025-04-03 | 5.0 MEDIUM | N/A |
| PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in. | | | | | |
| CVE-2005-4173 | 1 Efiction Project | 1 Efiction | 2025-04-03 | 5.0 MEDIUM | N/A |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function. | | | | | |
| CVE-2005-4297 | 1 Bbboard | 1 Bbboard | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the "keys" parameter. | | | | | |
| CVE-2001-1535 | 1 Open Source Development Network | 1 Slashcode | 2025-04-03 | 4.6 MEDIUM | N/A |
| Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack. | | | | | |