Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3937 | 1 Xguestbook | 1 Xguestbook | 2025-04-03 | 5.0 MEDIUM | N/A |
|
post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain sensitive information via a request without the (1) user, (2) mail, (3) p, or (4) url parameter, which reveals the installation path in an error message.
|
|||||
| CVE-2005-0242 | 1 Yahoo | 1 Messenger | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to execute arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions.
|
|||||
| CVE-2003-1177 | 1 Atrium Software | 1 Mercur Mailserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.
|
|||||
| CVE-2002-0122 | 1 Siemens | 1 3568i Wap | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Siemens 3568i WAP mobile phones allow remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters.
|
|||||
| CVE-2005-1009 | 1 Bakbone | 1 Netvault | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file.
|
|||||
| CVE-2000-0456 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A |
|
NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog".
|
|||||
| CVE-2006-4107 | 1 Drupal | 1 Job Search | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search.
|
|||||
| CVE-1999-0926 | 1 Apache | 1 Http Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
|
|||||
| CVE-2003-0425 | 1 Apple | 1 Darwin Streaming Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request.
|
|||||
| CVE-2006-1720 | 1 Arabless | 1 Saphplesson | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection.
|
|||||
| CVE-2003-0533 | 1 Microsoft | 7 Netmeeting, Windows 2000, Windows 2003 Server and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
|
|||||
| CVE-2002-1017 | 1 Adobe | 1 Digital Editions | 2025-04-03 | 2.1 LOW | N/A |
|
Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code.
|
|||||
| CVE-2004-2068 | 1 Leafnode | 1 Leafnode | 2025-04-03 | 5.0 MEDIUM | N/A |
|
fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (process hang) via an empty NNTP news article with missing mandatory headers.
|
|||||
| CVE-2006-1388 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
|
|||||
| CVE-2005-1522 | 1 Gnu | 1 Mailutils | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.
|
|||||
| CVE-2001-1490 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
|
|||||
| CVE-2004-2571 | 1 Enderunix | 1 Isoqlog | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7) parseEximToLine functions in Parser.c; allow local users to execute arbitrary code via the (8) lowercase and (9) check_syslog_date functions in Parser.c, and (10) unspecified functions in Dir.c; and allow unspecif ...
|
|||||
| CVE-2005-3157 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159.
|
|||||
| CVE-2004-0758 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when its DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.
|
|||||
| CVE-2006-0375 | 1 Advantage Century Telecommunication | 1 P202s | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks.
|
|||||
| CVE-2005-0437 | 1 Awstats | 1 Awstats | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.
|
|||||
| CVE-2002-1051 | 1 Ehud Gavron | 1 Tracesroute | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument.
|
|||||
| CVE-2003-0950 | 1 Peoplesoft | 1 Peopletools | 2025-04-03 | 7.5 HIGH | N/A |
|
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file.
|
|||||
| CVE-2001-0118 | 3 Immunix, Mandrakesoft, Redhat | 3 Immunix, Mandrake Linux, Linux | 2025-04-03 | 1.2 LOW | N/A |
|
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2002-0131 | 1 Activestate | 1 Activepython | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script.
|
|||||
| CVE-2004-1819 | 1 Warpspeed | 1 4nalbum Module | 2025-04-03 | 5.0 MEDIUM | N/A |
|
4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message.
|
|||||
| CVE-2005-1016 | 1 Maxwebportal | 1 Maxwebportal | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in links_add_form.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL.
|
|||||
| CVE-1999-0063 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.
|
|||||
| CVE-2001-1135 | 1 Zyxel | 1 Prestige | 2025-04-03 | 7.5 HIGH | N/A |
|
ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known.
|
|||||
| CVE-2000-0817 | 1 Microsoft | 1 Network Monitor | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability.
|
|||||
| CVE-2000-0982 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.
|
|||||
| CVE-2001-0390 | 1 Ibm | 3 Net.commerce, Net.commerce Hosting Server, Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.
|
|||||
| CVE-2001-1064 | 1 Cisco | 1 Cbos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allow remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets.
|
|||||
| CVE-2006-0814 | 1 Lighttpd | 1 Lighttpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
|
|||||
| CVE-2006-3520 | 1 Sabdrimer Cms | 1 Sabdrimer Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pluginpath[0] parameter.
|
|||||
| CVE-2005-0176 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.
|
|||||
| CVE-2005-3401 | 1 Thehacker | 1 Thehacker | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple interpretation error in TheHacker 5.8.4.128 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
|
|||||
| CVE-2000-0597 | 1 Microsoft | 2 Excel, Powerpoint | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
|
|||||
| CVE-2006-0638 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter.
|
|||||
| CVE-2006-0220 | 1 Codeworx Technologies | 1 Dcp-portal | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13.
|
|||||