Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-1297 | 1 Sun | 1 Sunos | 2025-04-03 | 2.1 LOW | N/A | cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key. |
| CVE-2000-0892 | 2 Caldera, U Win | 2 Openlinux, U Win | 2025-04-03 | 2.6 LOW | N/A | Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL. |
| CVE-2005-1732 | 1 Metro Marketing | 1 Cookie Cart | 2025-04-03 | 5.0 MEDIUM | N/A | Cookie Cart allows remote attackers to read the Order Notification list via the testmycgi and path parameters to testmy.cgi. |
| CVE-2001-0622 | 1 Cisco | 1 Content Services Switch 11000 | 2025-04-03 | 7.5 HIGH | N/A | The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. |
| CVE-2004-0431 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A | Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow. |
| CVE-2002-0075 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message. |
| CVE-2004-2230 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 2.1 LOW | N/A | Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. |
| CVE-2005-0079 | 1 Xtrlock | 1 Xtrlock | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in xtrlock 2.0 allows local users to cause a denial of service (application crash) and hijack the desktop session. |
| CVE-2006-2711 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2025-04-03 | 5.0 MEDIUM | N/A | Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages. |
| CVE-2005-1349 | 1 Perl | 1 Convert Uulib | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation. |
| CVE-2003-0053 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message. |
| CVE-2003-0079 | 1 Hanterm | 1 Hanterm-xf | 2025-04-03 | 2.1 LOW | N/A | The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop. |
| CVE-1999-0052 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH | IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash. |
| CVE-2004-2301 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 5.0 MEDIUM | N/A | Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow. |
| CVE-2005-4791 | 1 Novell | 1 Suse Linux | 2025-04-03 | 2.1 LOW | N/A | Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee. |
| CVE-1999-1479 | 1 Matt Wright | 1 Textcounter | 2025-04-03 | 10.0 HIGH | N/A | The textcounter.pl by Matt Wright allows remote attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2002-1729 | 1 Aspjar | 1 Aspjar Guestbook | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message. |
| CVE-2005-3271 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | Exec in Linux kernel 2.6 does not properly clear posix-timers in multi-threaded environments, which results in a resource leak and could allow a large number of multiple local users to cause a denial of service by using more posix-timers than specified by the quota for a single user. |
| CVE-2001-1201 | 1 Timecop | 1 Wmcube Gdk | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file. |
| CVE-2002-0420 | 1 Claymore Systems Inc | 1 Puretls | 2025-04-03 | 7.5 HIGH | N/A | Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions. |
| CVE-1999-0438 | 1 Ramp Networks | 2 Webramp 200i, Webramp M3 | 2025-04-03 | 5.0 MEDIUM | N/A | Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address. |
| CVE-2004-0498 | 1 Stonesoft | 1 Firewall Engine | 2025-04-03 | 5.0 MEDIUM | N/A | The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlier allows remote attackers to cause a denial of service (crash) via crafted H.323 packets. |
| CVE-2005-2201 | 1 Xerox | 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 | 2025-04-03 | 6.4 MEDIUM | N/A | Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests. |
| CVE-2005-3022 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php. |
| CVE-2006-2616 | 1 Alstrasoft | 1 Webhost Directory | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter. |
| CVE-2000-0762 | 2 Broadcom, Ca | 2 Etrust Access Control, Etrust Access Control | 2025-04-03 | 10.0 HIGH | N/A | The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges. |
| CVE-2005-1309 | 1 Eaden Mckee | 1 Bblog | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text. |
| CVE-2003-0576 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619. |
| CVE-1999-0602 | | | 2025-04-03 | 10.0 HIGH | N/A | A network intrusion detection system (IDS) does not properly reassemble fragmented packets. |
| CVE-2006-1111 | 1 Aztek Forum | 1 Aztek Forum | 2025-04-03 | 7.5 HIGH | N/A | Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection. |
| CVE-2004-1825 | 1 Mambo | 1 Mambo Open Source | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters. |
| CVE-2006-1022 | 1 Pehepe | 1 Membership Management System | 2025-04-03 | 5.0 MEDIUM | N/A | PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uye_klasor parameter, along with a misafir[] parameter that is set to UYE_SEVIYE. |
| CVE-2000-0718 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 1.2 LOW | N/A | A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed. |
| CVE-2002-1836 | 1 Xerox | 2 Docutech 6110, Docutech 6115 | 2025-04-03 | 5.0 MEDIUM | N/A | The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exports certain NFS shares to the world with world writable permissions, which may allow remote attackers to modify sensitive files. |
| CVE-2001-0777 | 1 Omnicron | 1 Omnihttpd | 2025-04-03 | 5.0 MEDIUM | N/A | Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests for PHP scripts. |
| CVE-1999-0592 | | | 2025-04-03 | 10.0 HIGH | N/A | The Logon box of a Windows NT system displays the name of the last user who logged in. |
| CVE-2005-4230 | 1 Php Web Scripts | 1 Link Up Gold | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter. |
| CVE-2001-1143 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 5.0 MEDIUM | N/A | IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789. |
| CVE-2005-3258 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A | The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses. |
| CVE-1999-0596 | | | 2025-04-03 | 10.0 HIGH | N/A | A Windows NT log file has an inappropriate maximum size or retention period. |