Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1026 | 3 Enlightenment, Gentoo, Redhat | 3 Imlib, Linux, Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
|
|||||
| CVE-2005-0591 | 1 Mozilla | 1 Firefox | 2025-04-03 | 2.6 LOW | N/A |
|
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."
|
|||||
| CVE-2006-2159 | 1 Russcom Network | 1 Loginphp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address.
|
|||||
| CVE-2006-1353 | 1 Aspportal | 1 Aspportal | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news ...
Show More |
|||||
| CVE-2004-1684 | 1 Zyxel | 2 Prestige, Zynos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2006-1142 | 1 Solido Systems | 1 Ravenous Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows remote attackers to access arbitrary rvplg files, with unknown impact.
|
|||||
| CVE-2003-0273 | 1 Best Practical Solutions | 1 Request Tracker | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies.
|
|||||
| CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
|
|||||
| CVE-2005-1667 | 1 Datatrac | 1 Activity Console | 2025-04-03 | 5.0 MEDIUM | N/A |
|
DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request.
|
|||||
| CVE-2003-0778 | 1 Sane | 2 Sane, Sane-backend | 2025-04-03 | 5.0 MEDIUM | N/A |
|
saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).
|
|||||
| CVE-2006-3506 | 1 Apple | 3 Mac Os X, Mac Os X Server, Xsan | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name."
|
|||||
| CVE-2004-2296 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message.
|
|||||
| CVE-2002-0239 | 1 Hanterm | 1 Hanterm | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument.
|
|||||
| CVE-2005-3152 | 1 Devellion | 1 Cubecart | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1.
|
|||||
| CVE-2005-3173 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
|
|||||
| CVE-2000-0320 | 2 Qualcomm, Sun | 3 Qpopper, Cobalt Raq 2, Cobalt Raq 3i | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.
|
|||||
| CVE-2001-1039 | 1 Hp | 1 Jetadmin | 2025-04-03 | 7.5 HIGH | N/A |
|
The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the printer.
|
|||||
| CVE-2004-0702 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information.
|
|||||
| CVE-2005-1973 | 1 Sun | 1 J2se | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges.
|
|||||
| CVE-2006-2150 | 1 Phpbb Group | 1 Phpbb Toplist | 2025-04-03 | 6.4 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter.
|
|||||
| CVE-2004-1111 | 1 Cisco | 10 7200 Router, 7300 Router, 7500 Router and 7 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.
|
|||||
| CVE-2000-0321 | 1 Icradius | 1 Icradius | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in IC Radius package allows a remote attacker to cause a denial of service via a long user name.
|
|||||
| CVE-2005-0594 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code.
|
|||||
| CVE-2000-0575 | 1 Ssh | 1 Ssh | 2025-04-03 | 7.2 HIGH | N/A |
|
SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.
|
|||||
| CVE-2005-0429 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.
|
|||||
| CVE-1999-1195 | 1 Network Associates | 1 Virusscan | 2025-04-03 | 5.1 MEDIUM | N/A |
|
NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus definition file during an update via FTP, but it reports that the update was successful, which could cause a system administrator to believe that the definitions have been updated correctly.
|
|||||
| CVE-2005-4052 | 1 E107 | 1 E107 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site.
|
|||||
| CVE-2002-1226 | 1 Kth | 1 Heimdal | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).
|
|||||
| CVE-2002-0047 | 1 Olaf Titz | 1 Cipe | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet.
|
|||||
| CVE-2004-1023 | 1 Kerio | 3 Kerio Mailserver, Serverfirewall, Winroute Firewall | 2025-04-03 | 2.1 LOW | N/A |
|
Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.
|
|||||
| CVE-2001-0132 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 1.2 LOW | N/A |
|
Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2004-2394 | 1 Mandrakesoft | 3 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall | 2025-04-03 | 2.1 LOW | N/A |
|
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.
|
|||||
| CVE-2003-0883 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system.
|
|||||
| CVE-2003-0297 | 1 University Of Washington | 3 C-client, Imap-2002b, Pine | 2025-04-03 | 7.5 HIGH | N/A |
|
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
|
|||||
| CVE-2006-0557 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A |
|
sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors.
|
|||||
| CVE-2006-1159 | 1 Efs Software | 1 Efs Web Server | 2025-04-03 | 7.8 HIGH | N/A |
|
Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request.
|
|||||
| CVE-1999-1081 | 1 Novell | 1 Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files.
|
|||||
| CVE-2002-0147 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."
|
|||||
| CVE-2003-1326 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
|
|||||
| CVE-2002-2182 | 1 Seunghyun Seo | 1 Msn666 | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 allows remote attackers to execute arbitrary code via a long MSN packet.
|
|||||