Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1250 | 1 Efficient Networks | 1 5861 Dsl Router | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN, packets allows remote attackers to cause a denial of service (crash) via a flood of TCP SYN packets to the WAN interface using a port scanner such as nmap.
|
|||||
| CVE-2004-2075 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.
|
|||||
| CVE-2006-1410 | 1 Xigla | 1 Absolute Live Support Xe | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute Live Support XE 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Screen name or (2) Session Topic field.
|
|||||
| CVE-2005-1786 | 1 Funkyasp | 1 Funkyasp Ad System | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password parameter.
|
|||||
| CVE-2005-0327 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 7.5 HIGH | N/A |
|
pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php.
|
|||||
| CVE-2004-0152 | 1 Emil | 1 Emil | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple stack-based buffer overflows in (1) the encode_mime function, (2) the encode_uuencode function, (3) or the decode_uuencode function for emil 2.1.0 and earlier allow remote attackers to execute arbitrary code via e-mail messages containing attachments with filenames.
|
|||||
| CVE-2005-2417 | 1 Astalavista It Engineering | 1 Contrexx | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Contrexx before 1.0.5 allows remote attackers to obtain sensitive information via a direct request to /config/version.xml.
|
|||||
| CVE-2004-0791 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. W ...
Show More |
|||||
| CVE-2005-0938 | 1 Uapplication | 1 Ublog Reload | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb.
|
|||||
| CVE-2003-0823 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
|
|||||
| CVE-2005-2509 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
|
|||||
| CVE-2003-0658 | 2 Caldera, Sco | 4 Openlinux Server, Openlinux Workstation, Openserver and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
|
|||||
| CVE-2002-1785 | 1 Zeus Technologies | 1 Zeus Web Server | 2025-04-03 | 1.9 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.
|
|||||
| CVE-2006-1612 | 1 Aweb Labs | 1 Awebnews | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters.
|
|||||
| CVE-2002-0137 | 1 Andreas Mueller | 1 Cdrdao | 2025-04-03 | 7.2 HIGH | N/A |
|
CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file.
|
|||||
| CVE-2001-0050 | 1 Colten Edwards | 1 Bitchx | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.
|
|||||
| CVE-2006-2225 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username.
|
|||||
| CVE-2000-0437 | 1 Network Associates | 3 Gauntlet Firewall, Webshield, Webshield E-ppliance | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.
|
|||||
| CVE-2005-4757 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
|
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections.
|
|||||
| CVE-2002-0529 | 1 Hp | 1 Photosmart Print Driver | 2025-04-03 | 6.2 MEDIUM | N/A |
|
HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse.
|
|||||
| CVE-2005-0305 | 1 Siteman | 1 Siteman | 2025-04-03 | 7.5 HIGH | N/A |
|
CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.
|
|||||
| CVE-2005-3780 | 1 Ipupdate | 1 Ipupdate | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in IPUpdate 1.1 might allow attackers to execute arbitrary code via (1) memmcat in the memm module or (2) certain TSIG format records.
|
|||||
| CVE-2003-0014 | 1 Bmv | 1 Bmv | 2025-04-03 | 4.6 MEDIUM | N/A |
|
gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2004-1766 | 1 Juniper | 1 Netscreen-security Manager 2004 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing.
|
|||||
| CVE-2006-2832 | 1 Drupal | 1 Drupal | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.
|
|||||
| CVE-2002-0796 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
|
|||||
| CVE-1999-1378 | 1 Dbmlparser.exe | 1 Dbmlparser.exe | 2025-04-03 | 5.0 MEDIUM | N/A |
|
dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files.
|
|||||
| CVE-2004-1788 | 1 Asp-nuke | 1 Asp-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb.
|
|||||
| CVE-1999-1296 | 1 Mit | 1 Kerberos 5 | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable.
|
|||||
| CVE-2000-0699 | 1 Hp | 1 Hp-ux | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.
|
|||||
| CVE-2006-2048 | 1 Phpwebftp | 1 Phpwebftp | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters. NOTE: it is possible that the affected version is actually 3.2.
|
|||||
| CVE-2004-1420 | 1 Whm | 1 Autopilot | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter.
|
|||||
| CVE-2006-3400 | 2 Id Software, Raven Software | 2 Quake 3 Engine, Soldier Of Fortune 2 | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.
|
|||||
| CVE-2005-4512 | 1 Waxtrapp | 1 Waxtrapp | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
|
|||||
| CVE-2002-1988 | 1 Caucho Technology | 1 Resin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources.
|
|||||
| CVE-2004-1874 | 1 Alan Ward | 1 A-cart | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms.
|
|||||
| CVE-1999-1291 | 1 Microsoft | 2 Windows 95, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target.
|
|||||
| CVE-2005-4330 | 1 Ihtml Merchant | 1 Ihtml Merchant Mall | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters.
|
|||||
| CVE-2006-3948 | 1 Php-nuke | 1 Inp | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter.
|
|||||
| CVE-2006-1804 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.
|
|||||