Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-0199 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 5.1 MEDIUM | N/A | Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm). |
| CVE-2005-3419 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized. |
| CVE-1999-0280 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Remote command execution in Microsoft Internet Explorer using .lnk and .url files. |
| CVE-2004-0714 | 1 Cisco | 3 Ios, Ons 15454e Optical Transport Platform, Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption). |
| CVE-1999-1007 | 1 Vdonet | 1 Vdolive Player | 2025-04-03 | 7.6 HIGH | N/A | Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file. |
| CVE-2005-1691 | 1 Sap | 1 Sap R 3 | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request. |
| CVE-2002-1862 | 1 Virtualzone | 1 Smartmail Server | 2025-04-03 | 5.0 MEDIUM | N/A | SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent. |
| CVE-2005-3238 | 1 Sun | 1 Solaris | 2025-04-03 | 2.1 LOW | N/A | Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors. |
| CVE-2005-0554 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability." |
| CVE-2005-0310 | 1 Exponent | 1 Exponent | 2025-04-03 | 5.0 MEDIUM | N/A | Exponent 0.95 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) search.info.php, (2) permissions.info.php, (3) security.info.php, (4) formcontrol.php, or (5) file_modules.php, which reveals the path in an error message because the pathos_core_version variable is undefined. |
| CVE-2002-0684 | 2 Gnu, Isc | 2 Glibc, Bind | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. |
| CVE-2003-0303 | 1 Oneorzero | 1 Oneorzero Helpdesk | 2025-04-03 | 5.0 MEDIUM | N/A | SQL injection vulnerability in one\|\|zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter. |
| CVE-2005-1978 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A | COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code. |
| CVE-2006-2807 | 1 Aspwebsoft | 1 Speedy Asp Discussion Forum | 2025-04-03 | 10.0 HIGH | N/A | ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp. |
| CVE-2005-4135 | 1 Simplemedia | 1 Simplebbs | 2025-04-03 | 7.5 HIGH | N/A | Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php. |
| CVE-2004-1080 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Nt | 2025-04-03 | 10.0 HIGH | N/A | The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." |
| CVE-2004-1564 | 1 W-agora | 1 W-agora | 2025-04-03 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter. |
| CVE-2006-4524 | 1 Digiappz | 1 Freekot | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information. |
| CVE-2006-1340 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 5.0 MEDIUM | N/A | CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an invalid file path. |
| CVE-2005-2745 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A | Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information. |
| CVE-2001-1467 | 1 Don Libes | 1 Expect | 2025-04-03 | 7.5 HIGH | N/A | mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks. |
| CVE-2006-4593 | 1 Softbb | 1 Softbb | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2000-0873 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A | netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities. |
| CVE-2001-0847 | 1 Lotus | 1 Domino Web Server | 2025-04-03 | 7.5 HIGH | N/A | Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID. |
| CVE-1999-1012 | 1 Lotus | 1 Domino | 2025-04-03 | 5.0 MEDIUM | N/A | SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string. |
| CVE-2003-0572 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows attackers to cause a denial of service (memory consumption). |
| CVE-2002-1279 | 1 Masqmail | 1 Masqmail | 2025-04-03 | 7.2 HIGH | N/A | Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option). |
| CVE-2000-0436 | 1 Metaproducts | 1 Offline Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack. |
| CVE-2001-1364 | 1 Project Purple | 1 Autodns | 2025-04-03 | 7.5 HIGH | N/A | Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified. |
| CVE-2004-1056 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2025-04-03 | 6.4 MEDIUM | N/A | Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output. |
| CVE-2005-0808 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A | Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. |
| CVE-2000-0200 | 1 Microsoft | 3 Clip Art, Greetings, Home Publishing | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability. |
| CVE-2006-2262 | 1 Singapore | 1 Singapore | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.7 allows remote attackers to inject arbitrary web script or HTML via the image parameter. |
| CVE-2005-1081 | 1 Azerbaijan Development Group | 1 Azdgdating | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2005-2803 | 1 Hiki | 1 Hiki | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336. |
| CVE-2002-2225 | 1 Safenet | 1 Softremote Vpn Client | 2025-04-03 | 5.1 MEDIUM | N/A | SafeNet VPN client allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly involving buffer overflows using (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload. |
| CVE-2003-1283 | 1 Kazaa | 1 Kazaa Media Desktop | 2025-04-03 | 7.5 HIGH | N/A | KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet Explorer (IE) local security zone, which could allow remote attackers to view local files and possibly execute arbitrary code. |
| CVE-2004-0097 | 1 Openh323 Project | 1 Pwlib | 2025-04-03 | 10.0 HIGH | N/A | Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. |
| CVE-2005-1643 | 1 Jorg Ruppel | 1 Zoidcom | 2025-04-03 | 5.0 MEDIUM | N/A | The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and earlier allows remote attackers to cause a denial of service via a crafted UDP packet with a large size value, which causes a memory allocation error or an out-of-bounds read. |
| CVE-2002-0477 | 1 Macromedia | 1 Flash Player | 2025-04-03 | 7.5 HIGH | N/A | Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand. |