Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-1081 | 1 Jonathan Beckett | 1 Pluggedout Nexus | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in forgotten_password.php in Jonathan Beckett PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the email parameter. |
| CVE-2001-0942 | 1 Oracle | 1 Database Server | 2025-04-03 | 4.6 MEDIUM | N/A | dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp. |
| CVE-2006-2957 | 1 Skoom | 1 I.list | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2002-0743 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A | mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow. |
| CVE-2000-0601 | 1 Leafdigital | 1 Leafchat | 2025-04-03 | 5.0 MEDIUM | N/A | LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages. |
| CVE-2005-1375 | 1 Claroline | 1 Claroline | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php. |
| CVE-2004-0138 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A | The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted ELF file with an interpreter with an invalid arch (architecture), which triggers a BUG() when an invalid VMA is unmapped. |
| CVE-1999-0105 | | | 2025-04-03 | 2.1 LOW | N/A | finger allows recursive searches by using a long string of @ symbols. |
| CVE-2002-1833 | 1 Xerox | 2 Docutech 6110, Docutech 6115 | 2025-04-03 | 7.5 HIGH | N/A | The default configurations for DocuTech 6110 and DocuTech 6115 have a default administrative password of (1) "service!" on Solaris 8.0 or (2) "administ" on Windows NT, which allows remote attackers to gain privileges. |
| CVE-2004-0007 | 2 Rob Flynn, Ultramagnetic | 2 Gaim, Ultramagnetic | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| CVE-2006-4066 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.6 LOW | N/A | The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue. |
| CVE-2006-4337 | 1 Gzip | 1 Gzip | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. |
| CVE-2005-3303 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 7.5 HIGH | N/A | The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file. |
| CVE-2005-1509 | 1 Pwsphp | 1 Pwsphp | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2002-0042 | 1 Sgi | 1 Irix | 2025-04-03 | 2.1 LOW | N/A | Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS. |
| CVE-2000-0786 | 1 Gnu | 1 Userv | 2025-04-03 | 4.6 MEDIUM | N/A | GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions. |
| CVE-2006-4375 | 1 Mambo | 1 Contacts Xtd Component | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined |
| CVE-1999-0949 | 3 Sgi, Sun, Turbolinux | 4 Irix, Solaris, Sunos and 1 more | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in canuum program for Canna input system allows local users to gain root privileges. |
| CVE-2002-2184 | 1 Digi-net Technologies | 1 Digichat | 2025-04-03 | 5.0 MEDIUM | N/A | Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP addresses of other chat users via a "Showip" parameter in the chat applet. |
| CVE-2004-2408 | 1 Vserver | 1 Linux-vserver | 2025-04-03 | 3.6 LOW | N/A | Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server. |
| CVE-1999-1507 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash. |
| CVE-2005-4328 | 1 University Of Arizona | 1 Webglimpse | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter. |
| CVE-2004-0337 | 1 Software602 | 1 602pro Lan Suite | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be REJECTed in the future. |
| CVE-1999-0440 | 2 Netscape, Sun | 3 Communicator, Navigator, Java | 2025-04-03 | 7.5 HIGH | N/A | The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. |
| CVE-2005-3957 | 1 Dotclear | 1 Dotclear | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors. |
| CVE-2006-3342 | 1 Olate | 1 Arctic | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd. |
| CVE-2002-0640 | 1 Openbsd | 1 Openssh | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt). |
| CVE-2001-0585 | 1 Gordano | 1 Ntmail | 2025-04-03 | 5.0 MEDIUM | N/A | Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000. |
| CVE-2006-0567 | 1 Curtis Farnham | 1 Files Xaraya Module | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web root via ".." (dot dot) sequences. |
| CVE-2006-3388 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. |
| CVE-2004-0703 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. |
| CVE-2005-3883 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. |
| CVE-1999-1207 | 1 Network General | 1 Netxray | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in web-admin tool in NetXRay 2.6 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request. |
| CVE-2004-1524 | 1 New Media Generation | 1 Hired Team Trial | 2025-04-03 | 5.0 MEDIUM | N/A | Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (game interruption) via a malformed UDP packet sent to a game port, such as port 29200. |
| CVE-2004-0640 | 2 Netkit, Ssltelnetd | 2 Linux Netkit, Secure Telnet | 2025-04-03 | 10.0 HIGH | N/A | Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code. |
| CVE-1999-0827 | 2 Microsoft, Netscape | 3 Ie, Internet Explorer, Navigator | 2025-04-03 | 2.6 LOW | N/A | By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. |
| CVE-2004-2359 | 1 Dell | 1 Truemobile 1300 Wlan Mini-pci Card Util Trayapplet | 2025-04-03 | 10.0 HIGH | N/A | Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does not properly drop SYSTEM privileges when started from the systray applet, which allows local users to gain privileges by accessing the Help functionality. |
| CVE-2003-0643 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash). |
| CVE-2002-1747 | 1 Maxim Krasnyansky | 1 Vtun | 2025-04-03 | 5.0 MEDIUM | N/A | Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB. |
| CVE-2002-0237 | 1 Iss | 3 Blackice Agent, Blackice Defender, Realsecure Server Sensor | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets. |