Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0753 | 1 Microsoft | 1 Ie | 2025-04-03 | 2.6 LOW | N/A |
| Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status. | | | | | |
| CVE-2006-3547 | 1 Vmware | 1 Player | 2025-04-03 | 2.6 LOW | 5.5 MEDIUM |
| EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed | | | | | |
| CVE-2006-3106 | 1 Fredi Bach | 1 Phpmydesktop Arcade | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop\|Arcade 1.0 allows remote attackers to inject arbitrary web script or HTML via the subsite parameter in the subsite todo. | | | | | |
| CVE-2005-0259 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.4 MEDIUM | N/A |
| phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. | | | | | |
| CVE-1999-1113 | 1 Eudora | 1 Internet Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier on MacOS systems allows remote attackers to cause a denial of service via a long USER command to port 106. | | | | | |
| CVE-1999-1305 | 1 Sco | 5 Open Desktop, Open Desktop Lite, Openserver Enterprise System and 2 more | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access. | | | | | |
| CVE-2001-0980 | 1 Caldera | 2 Openlinux Server, Openlinux Workstation | 2025-04-03 | 7.5 HIGH | N/A |
| docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page. | | | | | |
| CVE-1999-1134 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4038, PHSS_4055, and PHSS_4066. | | | | | |
| CVE-2006-2047 | 1 Application Dynamics | 1 Cartweaver Coldfusion | 2025-04-03 | 5.0 MEDIUM | N/A |
| Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection. | | | | | |
| CVE-2000-0600 | 2 Netscape, Novell | 2 Enterprise Server, Netware | 2025-04-03 | 7.5 HIGH | N/A |
| Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL. | | | | | |
| CVE-2006-2020 | 1 Asteriskathome | 1 Asteriskathome | 2025-04-03 | 7.8 HIGH | N/A |
| Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information. | | | | | |
| CVE-2006-1685 | 1 Apt | 1 Apt-webshop-system | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid. | | | | | |
| CVE-2002-1868 | 1 Daniel Stenberg | 1 Dispair | 2025-04-03 | 10.0 HIGH | N/A |
| Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields. | | | | | |
| CVE-2001-1076 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable. | | | | | |
| CVE-2006-0716 | 1 Solucija | 1 Snews | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. | | | | | |
| CVE-2006-4586 | 1 Tr Forum | 1 Tr Forum | 2025-04-03 | 5.5 MEDIUM | N/A |
| The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges. | | | | | |
| CVE-2001-0102 | 1 Apple | 1 Macos | 2025-04-03 | 7.2 HIGH | N/A |
| "Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password. | | | | | |
| CVE-2005-3702 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name. | | | | | |
| CVE-2006-2644 | 1 Awstats | 1 Awstats | 2025-04-03 | 4.0 MEDIUM | N/A |
| AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive. | | | | | |
| CVE-2002-2203 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.9 MEDIUM | N/A |
| Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information. | | | | | |
| CVE-2005-4046 | 1 Sun | 2 Java System Application Server, One Application Server | 2025-04-03 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and "compromise data privacy." | | | | | |
| CVE-2004-1761 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file. | | | | | |
| CVE-2005-4843 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.8 HIGH | N/A |
| The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | | | | | |
| CVE-2002-2167 | 1 Thorsten Korner | 1 123tkshop | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of an "include" function call. | | | | | |
| CVE-2003-1158 | 1 Plug And Play Software | 1 Plug And Play Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the FTP service in Plug and Play Web Server 1.0002c allow remote attackers to cause a denial of service (crash) via long (1) dir, (2) ls, (3) delete, (4) mkdir, (5) DELE, (6) RMD, or (7) MKD commands. | | | | | |
| CVE-2001-0123 | 1 Extropia | 1 Bbs Forum.cgi | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter. | | | | | |
| CVE-2004-1057 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages. | | | | | |
| CVE-2004-2654 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
| The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5. | | | | | |
| CVE-2004-0769 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771. | | | | | |
| CVE-2003-1059 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access. | | | | | |
| CVE-2005-3433 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.1 MEDIUM | N/A |
| Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields. | | | | | |
| CVE-2006-1675 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-03 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674. | | | | | |
| CVE-2004-1594 | 1 E-zone Media Inc. | 1 Fusetalk | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag. | | | | | |
| CVE-2005-3885 | 1 Inkscape | 1 Inkscape | 2025-04-03 | 2.1 LOW | N/A |
| The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file. | | | | | |
| CVE-2001-0836 | 1 Oracle | 1 Application Server Web Cache | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. | | | | | |
| CVE-2005-2046 | 1 Duware | 1 Duamazon Pro | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp. | | | | | |
| CVE-2004-2087 | 1 Sandsurfer | 1 Sandsurfer | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user. | | | | | |
| CVE-2003-0954 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges. | | | | | |
| CVE-2003-0473 | 1 Sgi | 1 Irix | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes snoop to process packets as the root user, with unknown implications. | | | | | |
| CVE-2006-4567 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
| Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update. | | | | | |