Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0549 | 1 Sun | 1 Solaris Answerbook2 | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the "View Log Files" function.
|
|||||
| CVE-2004-2520 | 1 Geeos Team | 1 Gattaca Server 2003 | 2025-04-03 | 4.0 MEDIUM | N/A |
|
POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands.
|
|||||
| CVE-2005-4312 | 1 Almondsoft | 1 Almond Classifieds | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds 5.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2005-0761 | 2 Imagemagick, Sgi | 2 Imagemagick, Propack | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file.
|
|||||
| CVE-2005-0486 | 1 Tarantella | 2 Secure Global Desktop, Tarantella Enterprise | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme.
|
|||||
| CVE-2003-0558 | 1 Leapware | 1 Leapftp | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to execute arbitrary code via a long IP address response to a PASV request.
|
|||||
| CVE-2005-0944 | 1 Microsoft | 1 Jet | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file.
|
|||||
| CVE-2003-0709 | 1 Whois | 1 Whois | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option.
|
|||||
| CVE-2005-1420 | 1 Raysoft | 1 Video Cam Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" (hex-encoded space).
|
|||||
| CVE-2006-2042 | 1 Adobe | 1 Dreamweaver | 2025-04-03 | 7.5 HIGH | N/A |
|
Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.
|
|||||
| CVE-2003-0362 | 1 Debian | 1 Debian Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines.
|
|||||
| CVE-2003-0131 | 1 Openssl | 1 Openssl | 2025-04-03 | 7.5 HIGH | N/A |
|
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
|
|||||
| CVE-2001-0514 | 3 Atmel, Linksys, Netgear | 3 802.11b Vnet-b Access Point, Wap11, Me102 | 2025-04-03 | 7.5 HIGH | N/A |
|
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.
|
|||||
| CVE-2005-3981 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 4.9 MEDIUM | N/A |
|
NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could ...
Show More |
|||||
| CVE-2005-1914 | 1 Centericq | 1 Centericq | 2025-04-03 | 2.1 LOW | N/A |
|
CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.
|
|||||
| CVE-2002-1647 | 1 Slashcode.com | 1 Slash | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL.
|
|||||
| CVE-2001-1183 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.
|
|||||
| CVE-2004-1651 | 1 Brickhost | 1 Phpscheduleit | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule Name field.
|
|||||
| CVE-2006-0475 | 1 Theworldsend.net | 1 Php-ping | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP-Ping 1.3 does not properly validate ping counts, which allows remote attackers to cause a denial of service (ping flood) via a negative count parameter.
|
|||||
| CVE-2006-0908 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter.
|
|||||
| CVE-2005-3825 | 1 Comdev | 1 Comdev Vote Caster | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action.
|
|||||
| CVE-2005-4809 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.
|
|||||
| CVE-2003-1466 | 1 Phorum | 1 Phorum | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php.
|
|||||
| CVE-2006-1722 | 1 Suche | 1 Shopxs | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter.
|
|||||
| CVE-1999-1346 | 1 Redhat | 1 Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file.
|
|||||
| CVE-2005-3855 | 1 Easybe | 1 1-2-3 Music Store | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.
|
|||||
| CVE-2003-0536 | 1 Phpsysinfo | 1 Phpsysinfo | 2025-04-03 | 3.6 LOW | N/A |
|
Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
|
|||||
| CVE-2006-3693 | 1 Rocks Clusters | 1 Rocks Clusters | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks (\`) in an argument to the (1) mount-loop (mount-loop.c) or (2) umount-loop (umount-loop.c) command, which is not filtered in a system function call.
|
|||||
| CVE-2002-0923 | 1 Cgiscript.net | 1 Csnews | 2025-04-03 | 7.5 HIGH | N/A |
|
CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability.
|
|||||
| CVE-2005-2142 | 1 Kmint21 Software | 1 Golden Ftp Server | 2025-04-03 | 2.1 LOW | N/A |
|
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command.
|
|||||
| CVE-2006-2101 | 1 Winiso Computing | 1 Winiso | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
|
|||||
| CVE-2000-1225 | 1 Imatix | 1 Xitami | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program.
|
|||||
| CVE-2002-0443 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
|
|||||
| CVE-2001-0309 | 1 Redhat | 1 Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services.
|
|||||
| CVE-2002-1027 | 1 Macromedia | 1 Sitespring | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter.
|
|||||
| CVE-2002-1091 | 3 Mozilla, Netscape, Opera Software | 3 Mozilla, Navigator, Opera Web Browser | 2025-04-03 | 7.5 HIGH | N/A |
|
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
|
|||||
| CVE-2006-1743 | 1 Jbook | 1 Jbook | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) nom or (2) mail parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2005-2788 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php.
|
|||||
| CVE-2002-0440 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 7.5 HIGH | N/A |
|
Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients.
|
|||||
| CVE-2002-0846 | 1 Macromedia | 1 Shockwave Flash | 2025-04-03 | 7.5 HIGH | N/A |
|
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.
|
|||||