Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-1627 | 1 Code-crafters | 1 Ability Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command. |
| CVE-2006-1507 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php. |
| CVE-1999-0974 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service. |
| CVE-2005-4623 | 1 Efilego | 1 Efilego | 2025-04-03 | 5.0 MEDIUM | N/A | upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name. |
| CVE-2000-0998 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function. |
| CVE-2002-1591 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 7.5 HIGH | N/A | AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted Sites Zone in Internet Explorer without user approval, which could allow code from free.aol.com to bypass intended access restrictions. |
| CVE-2005-4567 | 1 Floosietek | 1 Ftgate | 2025-04-03 | 5.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (Build 4.4.000 Oct 26 2005) allow remote attackers to inject arbitrary web script or HTML by sending (1) the href parameter to index.fts, or the param1 parameter to (2) /domains/index.fts, (3) /config/licence.fts, or (4) /config/systemacl.fts. |
| CVE-2000-0486 | 1 Cisco | 2 Ios, Tacacs+ | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field. |
| CVE-2005-1385 | 1 Apple | 1 Safari | 2025-04-03 | 2.6 LOW | N/A | Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference. |
| CVE-2004-1823 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php. |
| CVE-2006-1681 | 1 Cherokee | 1 Cherokee Httpd | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. |
| CVE-2002-1150 | 1 Microsoft | 1 Netmeeting | 2025-04-03 | 4.6 MEDIUM | N/A | The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering certain logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out of the resulting user confirmation prompts, such as when the remote user is editing a document. |
| CVE-2000-0724 | 1 Helix Code | 1 Go-gnome Pre-installer | 2025-04-03 | 6.2 MEDIUM | N/A | The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files. |
| CVE-2006-2759 | 1 Jetty | 1 Jetty | 2025-04-03 | 5.0 MEDIUM | N/A | jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations. |
| CVE-2001-1390 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 6.2 MEDIUM | N/A | Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages. |
| CVE-2003-0378 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A | The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set. |
| CVE-2005-1186 | 1 Musicmatch | 1 Jukebox | 2025-04-03 | 6.8 MEDIUM | N/A | Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demonstrated using cross-site scripting (XSS) attacks. |
| CVE-2006-2822 | 1 Xfairguy | 1 Codeavalanche Freeforum | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| CVE-2004-1451 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 2.6 LOW | N/A | Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks. |
| CVE-2005-1329 | 1 Oneworldstore | 1 Oneworldstore | 2025-04-03 | 5.0 MEDIUM | N/A | owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter. |
| CVE-2002-1754 | 1 Novell | 1 Netware Client | 2025-04-03 | 2.1 LOW | N/A | Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname. |
| CVE-2000-0595 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A | libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory. |
| CVE-2002-1109 | 1 Amavis | 1 Virus Scanner | 2025-04-03 | 2.1 LOW | N/A | securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter. |
| CVE-2005-1931 | 1 Goodtech Systems | 1 Goodtech Smtp Server | 2025-04-03 | 5.0 MEDIUM | N/A | GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of service (application crash) via a RCPT TO command with an invalid argument, as demonstrated using an "A" character. |
| CVE-2000-0178 | 1 Foundrynet | 1 Serveriron | 2025-04-03 | 7.5 HIGH | N/A | ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions. |
| CVE-2005-3436 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remote attackers to inject arbitrary web script or HTML via the (1) Search module, (2) certain edit fields in Guestbook, (3) the title in the Forum module, and (4) Textbox. |
| CVE-2006-3421 | 1 Smartsitecms | 1 Smartsitecms | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162. |
| CVE-2004-0727 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." |
| CVE-2006-0766 | 1 Mirabilis | 2 Icq, Icq Lite | 2025-04-03 | 5.1 MEDIUM | N/A | ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and description, which could trick a user into executing arbitrary programs. |
| CVE-2002-1865 | 2 D-link, Linksys | 4 Di-804, Dl-704, Befw11s4 and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header. |
| CVE-2000-1242 | 1 Apc | 1 Powerchute | 2025-04-03 | 9.0 HIGH | N/A | The HTTP service in American Power Conversion (APC) PowerChute uses a default username and password, which allows remote attackers to gain system access. |
| CVE-2001-0166 | 1 Macromedia | 1 Shockwave Flash Plugin | 2025-04-03 | 7.6 HIGH | N/A | Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file. |
| CVE-2005-4508 | 1 Nexus Concepts | 1 Dev Hound | 2025-04-03 | 5.0 MEDIUM | N/A | Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to obtain the installation path via a URL containing a non-existent .dll file. |
| CVE-2005-2598 | 1 Dokeos | 1 Dokeos | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php. |
| CVE-1999-1587 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A | /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option. |
| CVE-2005-2157 | 1 Nabocorp | 1 Nabopoll | 2025-04-03 | 5.0 MEDIUM | N/A | PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter. |
| CVE-2004-1301 | 1 Xlreader | 1 Xlreader | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code via a crafted Excel (XLS) file. |
| CVE-2005-0157 | 1 Smartlist | 1 Smartlist | 2025-04-03 | 7.5 HIGH | N/A | The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned. |
| CVE-2003-0987 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A | mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret. |
| CVE-2004-1115 | 1 Gentoo | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A | The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. |