Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3032 | 1 Cambridge Computer Corporation | 1 Vxtftpsrv | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TFTP request with a long filename argument.
|
|||||
| CVE-2005-0660 | 1 Adalis | 1 D-forum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allow remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3.
|
|||||
| CVE-2005-0687 | 1 Hashcash | 1 Hashcash | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in Hashcash 1.16 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via format string specifiers in a reply address, which is not properly handled when printing the header.
|
|||||
| CVE-2006-1091 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2025-04-03 | 7.8 HIGH | N/A |
|
Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors.
|
|||||
| CVE-2005-4319 | 1 Limbo Cms | 1 Limbo Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter.
|
|||||
| CVE-2005-2901 | 1 Cj Desing | 1 Cjweb2mail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message, or (3) ip parameter to thankyou.php or (4) emsg parameter to web2mail.php.
|
|||||
| CVE-2004-1173 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog.
|
|||||
| CVE-2001-1084 | 1 Macromedia | 1 Jrun | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
|
|||||
| CVE-2001-0201 | 1 Umut Gokbayrak | 1 Postaci | 2025-04-03 | 7.5 HIGH | N/A |
|
The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program.
|
|||||
| CVE-2001-0887 | 1 Oliver Rauch | 1 Xsane | 2025-04-03 | 1.2 LOW | N/A |
|
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.
|
|||||
| CVE-2001-1418 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.
|
|||||
| CVE-2002-0940 | 1 Ncipher | 1 Mscapi Csp | 2025-04-03 | 4.6 MEDIUM | N/A |
|
domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
|
|||||
| CVE-2005-4205 | 1 Locazo | 1 Locazolist Classifieds | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
|||||
| CVE-2002-1096 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code.
|
|||||
| CVE-2006-2370 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
|
|||||
| CVE-1999-0513 | 7 Digital, Freebsd, Hp and 4 more | 8 Unix, Freebsd, Hp-ux and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
|
|||||
| CVE-2001-0315 | 1 Khaled Mardam-bey | 1 Mirc | 2025-04-03 | 7.5 HIGH | N/A |
|
The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key.
|
|||||
| CVE-2006-0096 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
|
wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_RAWIO privilege for an SDLA firmware upgrade, with unknown impact and local attack vectors. NOTE: further investigation suggests that this issue requires root privileges to exploit, since it is protected by CAP_NET_ADMIN; thus it might not be a vulnerability, although capabilities provide finer distinctions between privilege levels.
|
|||||
| CVE-2002-0289 | 1 Bbshareware.com | 1 Phusion Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.
|
|||||
| CVE-2005-3900 | 1 Macromedia | 1 Breeze | 2025-04-03 | 7.8 HIGH | N/A |
|
Macromedia Breeze Communication Server and Breeze Live Server 5.1 and earlier do not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133).
|
|||||
| CVE-2005-1132 | 1 Lg Electronics | 1 Lg Mobile Phone | 2025-04-03 | 5.0 MEDIUM | N/A |
|
LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file.
|
|||||
| CVE-2006-0310 | 1 Mike Helton | 1 Aoblogger | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag.
|
|||||
| CVE-2000-0249 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.
|
|||||
| CVE-2001-1004 | 1 Gnutella | 1 Gnutella Client | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags.
|
|||||
| CVE-2006-1719 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.
|
|||||
| CVE-2006-2115 | 1 Sws | 1 Sws Simple Web Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call.
|
|||||
| CVE-2005-4803 | 1 Graphviz | 1 Graphviz | 2025-04-03 | 3.6 LOW | N/A |
|
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
|
|||||
| CVE-2006-3989 | 1 Knusperleicht | 1 Shoutbox | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in index.php in Knusperleicht Shoutbox 4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sb_include_path parameter.
|
|||||
| CVE-2000-0684 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 10.0 HIGH | N/A |
|
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.
|
|||||
| CVE-2006-1545 | 1 Vscripts | 1 Vnews | 2025-04-03 | 9.0 HIGH | N/A |
|
Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php.
|
|||||
| CVE-2006-4286 | 1 Mambo | 1 Mambo | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate.
|
|||||
| CVE-2003-0839 | 1 Microsoft | 1 Windows 2003 Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
|
|||||
| CVE-2004-0169 | 1 Apple | 1 Darwin Streaming Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.
|
|||||
| CVE-2006-3778 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM Lotus Notes 6.0, 6.5, and 7.0 do not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.
|
|||||
| CVE-2002-0129 | 1 Efax | 1 Efax | 2025-04-03 | 2.1 LOW | N/A |
|
efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message.
|
|||||
| CVE-2006-3990 | 1 Phpsavant | 1 Savant2 | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones Savant2, possibly when used with the com_mtree component for Mambo and Joomla!, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) Savant2_Plugin_stylesheet.php, (2) Savant2_Compiler_basic.php, (3) Savant2_Error_pear.php, (4) Savant2_Error_stack.php, (5) Savant2_Filter_colorizeCode.php, (6) Savant2_Filter_trimwhitespace.php, (7) Savant2_Plugin_ahref.php, (8) Savant2_Plu ...
|
|||||
| CVE-2004-2655 | 1 Xscreensaver | 1 Xscreensaver | 2025-04-03 | 5.4 MEDIUM | N/A |
|
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.
|
|||||
| CVE-2004-1225 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-03 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.
|
|||||
| CVE-2003-0968 | 1 Freeradius | 1 Freeradius | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.
|
|||||
| CVE-2004-2572 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable.
|
|||||