Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1779 | 1 Symantec | 1 Norton Personal Firewall | 2025-04-03 | 7.5 HIGH | N/A |
|
The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305).
|
|||||
| CVE-2000-0558 | 1 Hp | 1 Openview Network Node Manager | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345.
|
|||||
| CVE-2001-1024 | 1 Entrust | 1 Getaccess | 2025-04-03 | 7.5 HIGH | N/A |
|
login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument.
|
|||||
| CVE-2005-2606 | 1 Phlymail | 1 Phlymail | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors.
|
|||||
| CVE-2004-1434 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.1(0) to 4.1(2), 4.5(x), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed SNMP packets.
|
|||||
| CVE-2005-3231 | 1 Cat | 1 Quick Heal | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple interpretation error in unspecified versions of CAT Quick Heal allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
|
|||||
| CVE-2004-1598 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave (swf) file that references files outside of the temporary directory.
|
|||||
| CVE-2000-0572 | 1 Visible Systems | 1 Razor | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges.
|
|||||
| CVE-2005-1710 | 1 Bluecoat | 1 Reporter | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page.
|
|||||
| CVE-2004-1933 | 1 Citadel | 1 Ux | 2025-04-03 | 2.1 LOW | N/A |
|
Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages.
|
|||||
| CVE-2003-1028 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
|
|||||
| CVE-2005-3023 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php.
|
|||||
| CVE-2002-1690 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225.
|
|||||
| CVE-2006-3553 | 1 Planet Concept | 1 Planetnews | 2025-04-03 | 10.0 HIGH | N/A |
|
PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php.
|
|||||
| CVE-2001-1077 | 1 Rxvt | 1 Rxvt | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument.
|
|||||
| CVE-2004-1011 | 6 Carnegie Mellon University, Conectiva, Openpkg and 3 more | 6 Cyrus Imap Server, Linux, Openpkg and 3 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
|
|||||
| CVE-2006-0946 | 1 Thomson | 1 Speedtouch | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page.
|
|||||
| CVE-2005-3475 | 1 Hasbani Web Server | 1 Hasbani Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a denial of service (infinite loop) via HTTP crafted GET requests.
|
|||||
| CVE-2005-3039 | 1 Mall23 | 1 Mall23 | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idPage parameter.
|
|||||
| CVE-2005-0189 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.
|
|||||
| CVE-2005-1656 | 1 Mercur | 1 Mercur Messaging | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20").
|
|||||
| CVE-2004-2337 | 1 Inlook | 1 Inlook | 2025-04-03 | 2.1 LOW | N/A |
|
The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials.
|
|||||
| CVE-2002-1578 | 1 Sap | 1 Sap R 3 | 2025-04-03 | 7.5 HIGH | N/A |
|
The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.
|
|||||
| CVE-2005-0427 | 1 Gentoo | 1 Webmin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.
|
|||||
| CVE-1999-0255 | | | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in ircd allows arbitrary command execution.
|
|||||
| CVE-2006-4386 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381.
|
|||||
| CVE-2002-0760 | 1 Bzip | 1 Bzip2 | 2025-04-03 | 1.2 LOW | N/A |
|
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
|
|||||
| CVE-2002-1838 | 1 Steve Sachs | 1 Charities.cron | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2006-4456 | 1 Phpecard | 1 Phpecard | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
|
|||||
| CVE-2005-2718 | 1 Mplayer | 1 Mplayer | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via crafted PCM audio data, as demonstrated using a video file with an audio header containing a large value in a stream format (strf) chunk.
|
|||||
| CVE-1999-0136 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.
|
|||||
| CVE-2000-0660 | 1 Alt-n | 1 Worldclient | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-1999-1018 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.5 HIGH | N/A |
|
IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets.
|
|||||
| CVE-2005-4841 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.1 HIGH | N/A |
|
The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
|
|||||
| CVE-2001-1411 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs.
|
|||||
| CVE-2002-1795 | 1 Microsoft | 1 Tsac Activex Control | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2006-1276 | 1 Himpfen Consulting | 1 Php Simplenews | 2025-04-03 | 10.0 HIGH | N/A |
|
admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie.
|
|||||
| CVE-2001-0077 | 1 Sun | 1 Cluster | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations.
|
|||||
| CVE-2004-2303 | 1 Mtools | 1 Mformat | 2025-04-03 | 3.6 LOW | N/A |
|
MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.
|
|||||
| CVE-2006-3666 | 1 Myiosoft.com | 1 Ajaxportal | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the 'Search' field, a different vulnerability than CVE-2006-3515.
|
|||||