Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-1254 | 1 Active Php Bookmarks | 1 Active Php Bookmarks | 2025-04-03 | 5.0 MEDIUM | N/A | Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to reference a URL on a remote web server that contains the code. |
| CVE-2005-3824 | 1 Vtiger | 1 Vtiger Crm | 2025-04-03 | 5.0 MEDIUM | N/A | The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action. |
| CVE-2004-2166 | 1 Canon | 2 Imagerunner 5000i, Imagerunner C3200 | 2025-04-03 | 7.5 HIGH | N/A | The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C3200 digital printer, when not using IP address range filtering, allows remote attackers to print arbitrary text without authentication via a text/plain email to TCP port 25. |
| CVE-2004-2500 | 1 Ilohamail | 1 Ilohamail | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors. |
| CVE-2006-0637 | 1 Qualcomm | 1 Eudora Worldmail | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows remote attackers to execute arbitrary code via an IMAP APPEND command with a long message literal argument, as demonstrated by Worldmail.pl. NOTE: this is a different vector and a different manipulation than CVE-2005-4267, so it might be a different vulnerability than CVE-2005-4267. |
| CVE-1999-0849 | 1 Isc | 1 Bind | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service in BIND named via maxdname. |
| CVE-2006-3162 | 1 Smartsitecms | 1 Smartsitecms | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. |
| CVE-2001-1180 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A | FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child. |
| CVE-2006-4005 | 1 Bomberclone | 1 Bomberclone | 2025-04-03 | 5.0 MEDIUM | N/A | BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown. |
| CVE-2005-0468 | 1 Ncsa | 1 Telnet | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumes more memory than allocated. |
| CVE-2006-0962 | 1 Vubb | 1 Vubb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie. |
| CVE-2006-4277 | 1 Tutti Nova | 1 Tutti Nova | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class.novaAdmin.mysql.php and (2) novalib/class.novaRead.mysql.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-1999-0141 | 1 Netscape | 1 Navigator | 2025-04-03 | 3.7 LOW | N/A | Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet. |
| CVE-2004-0113 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. |
| CVE-2003-0320 | 1 Andy Prevost | 1 Ttcms | 2025-04-03 | 7.5 HIGH | N/A | header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to "1" and modifying the admin_root parameter to point to a URL that contains a Trojan horse header.inc.php script. |
| CVE-2005-0283 | 1 David Barrett | 1 Qwikiwiki | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. (dot dot) and a %00 at the end of the filename in the page parameter. |
| CVE-2006-4060 | 1 Web-scripts | 1 Visual Events Calendar | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter. |
| CVE-2005-3581 | 1 Gdal | 1 Gdal | 2025-04-03 | 7.2 HIGH | N/A | GDAL before 1.3.0-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. |
| CVE-2001-0142 | 5 Immunix, Mandrakesoft, National Science Foundation and 2 more | 5 Immunix, Mandrake Linux, Squid Web Proxy and 2 more | 2025-04-03 | 1.2 LOW | N/A | squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
| CVE-2003-0814 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. |
| CVE-2003-1181 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | 5.0 MEDIUM | N/A | Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function. |
| CVE-2006-0792 | 1 V-webmail | 1 V-webmail | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2003-0724 | 1 Compaq | 1 Tru64 | 2025-04-03 | 7.5 HIGH | N/A | ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges. |
| CVE-2001-1245 | 1 Opera Software | 1 Opera Web Browser | 2025-04-03 | 5.0 MEDIUM | N/A | Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name. |
| CVE-2004-0288 | 1 Mnogosearch | 1 Mnogosearch | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 through 3.2.15 could allow remote attackers to execute arbitrary code by indexing a large document. |
| CVE-2005-3230 | 1 Panda | 1 Activescan | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple interpretation error in unspecified versions of Panda Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. |
| CVE-2000-0971 | 1 Avirt | 1 Avirt Mail Server | 2025-04-03 | 10.0 HIGH | N/A | Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command. |
| CVE-2006-4008 | 1 Knusperleicht | 1 Faq | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter. |
| CVE-2006-0957 | 1 Zoneo-soft | 1 Freeforum | 2025-04-03 | 7.5 HIGH | N/A | Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php. |
| CVE-2004-2567 | 1 Recipants | 1 Recipants | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields. |
| CVE-2003-1243 | 1 Sage | 1 Sage | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter. |
| CVE-2005-2831 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. |
| CVE-2006-0968 | 1 Ncp Network Communications | 1 Secure Client | 2025-04-03 | 7.2 HIGH | N/A | The ncprwsnt service in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to execute arbitrary code by modifying the connect.bat script, which is automatically executed by the service after a connection is established. |
| CVE-2002-1568 | 1 Openssl | 1 Openssl | 2025-04-03 | 5.0 MEDIUM | N/A | OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c. |
| CVE-1999-0789 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in AIX ftpd in the libc library. |
| CVE-1999-1539 | 1 Qpc Software | 2 Qvt Net, Qvt Term Plus | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions 4.2d and 4.3 and QVT/Net 4.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long (1) user name or (2) password. |
| CVE-2004-2311 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 3.6 LOW | N/A | Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog. |
| CVE-2001-0575 | 1 Sco | 1 Openserver | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut. |
| CVE-2006-0086 | 1 Next Generation Image Gallery | 1 Next Generation Image Gallery | 2025-04-03 | 5.0 MEDIUM | N/A | Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2005-2048 | 1 Duware | 1 Duforum | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0. |