Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0329 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag.
|
|||||
| CVE-2001-1382 | 1 Openbsd | 1 Openssh | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
|
|||||
| CVE-2001-1498 | 1 Markus Kliegl | 1 Mod Bf | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary commands via a long script.
|
|||||
| CVE-2001-0004 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
|
|||||
| CVE-1999-0624 | 2025-04-03 | N/A | N/A | ||
|
The rstat/rstatd service is running.
|
|||||
| CVE-2005-1923 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 2.6 LOW | N/A |
|
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
|
|||||
| CVE-2006-4194 | 1 Cisco | 8 Pix Firewall 501, Pix Firewall 506, Pix Firewall 515 and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032. NOTE: the vendor, after working with the researcher, has been unable to reproduce the issue
|
|||||
| CVE-2002-0644 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
|
|||||
| CVE-2002-0336 | 1 Galacticomm Technologies | 2 Worldgroup, Worldgroup Lite Personal Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a large number of / (slash), * (wildcard), and .. characters.
|
|||||
| CVE-2005-3693 | 1 Sunncomm Mediamax | 1 Axwebremovectrl | 2025-04-03 | 9.3 HIGH | N/A |
|
The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm MediaMax DRM allows remote attackers to download and execute arbitrary code, a similar vulnerability to CVE-2005-3650.
|
|||||
| CVE-2004-0926 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2025-04-03 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
|
|||||
| CVE-2006-0778 | 1 Xmb Forum | 1 Xmb | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php.
|
|||||
| CVE-2004-0111 | 3 Gnome, Redhat, Sgi | 5 Gdkpixbuf, Enterprise Linux, Gdk Pixbuf and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
|
|||||
| CVE-2004-0524 | 1 Thiago Melo De Paula | 1 Change Passwd | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.
|
|||||
| CVE-1999-0384 | 1 Microsoft | 6 Office, Outlook, Project and 3 more | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
|
|||||
| CVE-2004-1092 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
|
|||||
| CVE-2005-4406 | 1 Tmc Visionpool | 1 Mercury Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2004-2206 | 1 Natterchat | 1 Natterchat | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2005-2530 | 1 Sun | 1 Java | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."
|
|||||
| CVE-1999-1182 | 6 Caldera, Debian, Delix and 3 more | 6 Openlinux Lite, Debian Linux, Dld and 3 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.
|
|||||
| CVE-2000-0244 | 1 Citrix | 2 Metaframe, Winframe | 2025-04-03 | 10.0 HIGH | N/A |
|
The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication.
|
|||||
| CVE-2005-4453 | 1 Ultraapps | 1 Ultraapps Issue Manager | 2025-04-03 | 9.0 HIGH | N/A |
|
UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field.
|
|||||
| CVE-2002-0687 | 1 Zope | 1 Zope | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
|
|||||
| CVE-2006-1387 | 1 Twiki | 1 Twiki | 2025-04-03 | 4.0 MEDIUM | N/A |
|
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself.
|
|||||
| CVE-2005-3660 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
|
|||||
| CVE-2005-0036 | 2 Delegate, Etl | 2 Delegate, Delegate | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
|
|||||
| CVE-2004-2385 | 1 Emumail | 1 Emu Webmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.
|
|||||
| CVE-2002-2174 | 1 Software602 | 1 602pro Lan Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number of outstanding connections to the local host, which allows remote attackers to create a denial of service (memory consumption) via a large number of connections.
|
|||||
| CVE-2005-3370 | 1 Arcavir | 1 Arcavir 2005 | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
|
|||||
| CVE-2006-2995 | 1 Webprojectdb | 1 Webprojectdb | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter in (1) include/nav.php and (2) include/lang.php.
|
|||||
| CVE-2005-3826 | 1 Ezy Helpdesk | 1 Ezyhelpdesk | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter.
|
|||||
| CVE-2006-0378 | 1 Netrix | 1 X-site Manager | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager allows remote attackers to inject arbitrary web script or HTML via the product_id parameter, as originally demonstrated for a custom mp3players_details.php program. NOTE: the name of the affected program might be installation-dependent, but it has been identified as "product_details.php" by some sources.
|
|||||
| CVE-2005-1439 | 1 Osticket | 1 Osticket | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.
|
|||||
| CVE-2005-1562 | 1 Maxwebportal | 1 Maxwebportal | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp.
|
|||||
| CVE-2006-0486 | 1 Cisco | 1 Ios | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.
|
|||||
| CVE-2005-3174 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
|
|||||
| CVE-2001-1358 | 1 Phpheaven | 1 Phpmychat | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter.
|
|||||
| CVE-2005-4276 | 1 Westell | 1 Versalink | 2025-04-03 | 7.8 HIGH | N/A |
|
Westell Versalink 327W allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2001-0506 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
|
|||||
| CVE-2005-2537 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php.
|
|||||