Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-1617 | 1 Willings | 2 Webcam, Webcam Lite | 2025-04-03 | 2.1 LOW | N/A | Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive information. |
| CVE-1999-1045 | 1 Realnetworks | 1 Realserver | 2025-04-03 | 7.8 HIGH | N/A | pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request. |
| CVE-2005-0835 | 1 Belkin | 1 54g Wireless Router | 2025-04-03 | 5.0 MEDIUM | N/A | The SNMP service in the Belkin 54G (F5D7130) wireless router allows remote attackers to cause a denial of service via unknown vectors. |
| CVE-2005-3809 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.8 HIGH | N/A | The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference. |
| CVE-2000-1000 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A | Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters. |
| CVE-2006-3037 | 1 Site Trade | 1 St Admanager Lite | 2025-04-03 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ST AdManager Lite allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, (3) article, (4) bio, and (5) name parameters. |
| CVE-2004-2531 | 1 Gnu | 1 Gnutls | 2025-04-03 | 7.8 HIGH | N/A | X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. |
| CVE-2002-1085 | 1 Visualshapers | 1 Ezcontents | 2025-04-03 | 7.5 HIGH | N/A | Multiple cross-site scripting vulnerabilities in ezContents 1.41 and earlier allow remote attackers to execute script and steal cookies via the diary and other capabilities. |
| CVE-2001-1532 | 1 Web Crossing | 1 Webx | 2025-04-03 | 5.0 MEDIUM | N/A | WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions. |
| CVE-2005-0322 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | 7.2 HIGH | N/A | MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords. |
| CVE-2003-0683 | 1 Sgi | 1 Irix | 2025-04-03 | 7.5 HIGH | N/A | NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions. |
| CVE-2004-0803 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2025-04-03 | 7.5 HIGH | N/A | Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. |
| CVE-1999-0735 | 1 Kde | 1 K-mail | 2025-04-03 | 4.6 MEDIUM | N/A | KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories. |
| CVE-2006-0309 | 1 Linksys | 1 Befvp41 | 2025-04-03 | 4.0 MEDIUM | N/A | Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length. |
| CVE-2004-1667 | 1 Gearbox Software | 1 Halo Combat Evolved | 2025-04-03 | 5.0 MEDIUM | N/A | Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response. |
| CVE-2006-1698 | 1 Matt Wright | 1 Matt Wright Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis. |
| CVE-2006-3965 | 1 Banex | 1 Banex | 2025-04-03 | 5.0 MEDIUM | N/A | Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords. |
| CVE-2004-0880 | 3 Gentoo, Getmail, Slackware | 3 Linux, Getmail, Slackware Linux | 2025-04-03 | 1.2 LOW | N/A | getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. |
| CVE-2006-4909 | 1 Cisco | 1 Guard Ddos Mitigation Appliance | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh. |
| CVE-2006-1214 | 1 Unreal | 1 Unrealircd | 2025-04-03 | 5.0 MEDIUM | N/A | UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL - q\x08Q *\x08PoC." |
| CVE-2004-0159 | 1 Samhain Labs | 1 Hsftp | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. |
| CVE-2004-1936 | 1 Zonelabs | 1 Zonealarm | 2025-04-03 | 7.5 HIGH | N/A | ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote attackers to bypass e-mail protection via attachments whose names contain certain non-English characters. |
| CVE-2002-0880 | 1 Cisco | 2 Skinny Client Control Protocol Software, Voip Phone Cp-7940 | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) "bloop", (6) "bubonic", (7) "mutant", (8) "trash", and (9) "trash2." |
| CVE-2006-1027 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.0 MEDIUM | N/A | feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message. |
| CVE-2002-0087 | 1 Lotus | 1 Domino | 2025-04-03 | 2.1 LOW | N/A | bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files. |
| CVE-2005-1085 | 1 Aewebworks | 1 Aedating | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2000-0432 | 1 Matt Kruse | 1 Calendar Script | 2025-04-03 | 7.5 HIGH | N/A | The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2005-0344 | 1 Software602 | 1 602lan Suite | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allows remote authenticated users to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. |
| CVE-2006-0112 | 1 Enhanced Simple Php Gallery | 1 Enhanced Simple Php Gallery | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. |
| CVE-2003-0628 | 1 Peoplesoft | 1 Peopletools | 2025-04-03 | 5.0 MEDIUM | N/A | PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value. |
| CVE-2002-0011 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A | Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. |
| CVE-2004-2149 | 1 Oracle | 1 Mysql | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders. |
| CVE-2000-0056 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A | IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. |
| CVE-2000-0531 | 2 Caldera, Redhat | 3 Openlinux, Openlinux Eserver, Linux | 2025-04-03 | 2.1 LOW | N/A | Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets. |
| CVE-2000-0774 | 1 Bajie | 1 Java Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root. |
| CVE-2006-4237 | 1 Invisionix Systems | 1 Invisionix Roaming System Remote | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter. |
| CVE-2005-0624 | 1 Debian | 1 Reportbug | 2025-04-03 | 2.1 LOW | N/A | reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords. |
| CVE-2005-0250 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument. |
| CVE-2002-1609 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges. |
| CVE-2005-2451 | 1 Cisco | 2 Ios, Ios Xr | 2025-04-03 | 2.1 LOW | N/A | Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. |