Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0214 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 98 and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
|
|||||
| CVE-2003-0632 | 1 Oracle | 2 Applications, E-business Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.
|
|||||
| CVE-2006-0294 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
|
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.
|
|||||
| CVE-2004-0767 | 1 Ngsec | 1 Stackdefender | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NGSEC StackDefender 1.10 allows attackers to cause a denial of service (system crash) via an invalid address for the ObjectAttribues parameter to the hooks for the (1) ZwCreateFile or (2) ZwOpenFile functions.
|
|||||
| CVE-2001-0483 | 1 Symantec | 1 Raptor Firewall | 2025-04-03 | 7.5 HIGH | N/A |
|
Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set.
|
|||||
| CVE-2005-2256 | 1 Phppgadmin | 1 Phppgadmin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.
|
|||||
| CVE-2002-1691 | 1 Alcatel-lucent | 1 Omnipcx | 2025-04-03 | 10.0 HIGH | N/A |
|
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access.
|
|||||
| CVE-2002-0117 | 1 Yabb | 1 Yabb | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
|
|||||
| CVE-2001-1295 | 1 Grant Averett | 1 Cerberus Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command.
|
|||||
| CVE-2004-0087 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
|
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.
|
|||||
| CVE-2002-0952 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface.
|
|||||
| CVE-2006-1000 | 1 G2soft | 1 Pentacle In-out Board | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.
|
|||||
| CVE-2002-0253 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.
|
|||||
| CVE-2006-2519 | 1 Phpwcms | 1 Phpwcms | 2025-04-03 | 2.6 LOW | N/A |
|
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition.
|
|||||
| CVE-2006-1628 | 1 Adobe | 1 Livecycle Form Manager | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system.
|
|||||
| CVE-2006-4505 | 1 Nx5 | 1 Nx5linx | 2025-04-03 | 7.5 HIGH | N/A |
|
CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter.
|
|||||
| CVE-2006-0964 | 1 Ncp Network Communications | 1 Secure Client | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program.
|
|||||
| CVE-2004-1836 | 1 Invision Power Services | 1 Invision Power Top Site List | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action.
|
|||||
| CVE-2002-1502 | 1 Dave Brul | 1 Xbreaky | 2025-04-03 | 2.1 LOW | N/A |
|
Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file.
|
|||||
| CVE-2001-0953 | 1 Nara Vision | 1 Kebi Community | 2025-04-03 | 10.0 HIGH | N/A |
|
Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root.
|
|||||
| CVE-2006-1113 | 1 Gerrit Van Aaken | 1 Loudblog | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2004-0789 | 9 Axis, Delegate, Dnrd and 6 more | 15 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 12 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
|
|||||
| CVE-2006-2989 | 1 Iisworks | 1 Listpics | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter.
|
|||||
| CVE-2006-2927 | 1 Xfairguy | 1 Codeavalanche Freeforum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-0816 | 1 Orionserver | 1 Orion Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL.
|
|||||
| CVE-2004-1199 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
|
|||||
| CVE-2000-0044 | 1 Jgaa | 1 Warftpd | 2025-04-03 | 10.0 HIGH | N/A |
|
Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.
|
|||||
| CVE-2003-0616 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution.
|
|||||
| CVE-2006-4754 | 1 Comscripts | 1 Phprog | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
|
|||||
| CVE-1999-0078 | 10 Bsdi, Freebsd, Hp and 7 more | 11 Bsd Os, Freebsd, Hp-ux and 8 more | 2025-04-03 | 1.9 LOW | N/A |
|
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
|
|||||
| CVE-2004-2653 | 1 Pd9 Software | 1 Megabbs | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.
|
|||||
| CVE-2002-1714 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
|
|||||
| CVE-2003-0703 | 1 Kismac | 1 Kismac | 2025-04-03 | 7.2 HIGH | N/A |
|
KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via "similar techniques" using exchangeKernel.sh.
|
|||||
| CVE-2006-2532 | 1 Greg Donald | 1 Destiney Rated Images Script | 2025-04-03 | 6.4 MEDIUM | N/A |
|
stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set.
|
|||||
| CVE-2006-1059 | 1 Samba | 1 Samba | 2025-04-03 | 1.2 LOW | N/A |
|
The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.
|
|||||
| CVE-2005-1895 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php.
|
|||||
| CVE-2005-2551 | 1 Novell | 1 Edirectory | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.
|
|||||
| CVE-2005-2917 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).
|
|||||
| CVE-2005-1180 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter.
|
|||||
| CVE-2002-0527 | 1 Watchguard | 1 Soho Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash and reboot) when SOHO forwards a packet with bad IP options.
|
|||||