Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-1999-1149 | 1 Computer Software Manufaktur | 1 Csm Proxy | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a denial of service (crash) via a long string to the FTP port. |
| CVE-1999-1384 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A | Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program. |
| CVE-2004-1097 | 1 Cherokee | 1 Cherokee Httpd | 2025-04-03 | 10.0 HIGH | N/A | Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL. |
| CVE-2005-2437 | 1 Website Baker | 1 Website Baker | 2025-04-03 | 5.0 MEDIUM | N/A | Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code. |
| CVE-2006-0765 | 1 Mirabilis | 2 Icq, Icq Lite | 2025-04-03 | 5.1 MEDIUM | N/A | GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs. |
| CVE-2004-1022 | 1 Kerio | 3 Kerio Mailserver, Serverfirewall, Winroute Firewall | 2025-04-03 | 2.1 LOW | N/A | Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. |
| CVE-2003-1114 | 1 Mediatrix Telecom | 1 Voip Access Devices And Gateways | 2025-04-03 | 7.5 HIGH | N/A | The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
| CVE-2005-2775 | 1 Phpwebnotes | 1 Phpwebnotes | 2025-04-03 | 7.5 HIGH | N/A | php_api.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $t_path_core, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the t_path_core parameter. |
| CVE-2002-0441 | 1 Jerrett Taylor | 1 Php Imglist | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter. |
| CVE-2004-2540 | 1 Sun | 2 Jdk, Jre | 2025-04-03 | 5.0 MEDIUM | N/A | readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data. |
| CVE-2002-0206 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A | index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter. |
| CVE-2002-1595 | 1 Cisco | 1 Sn 5420 Storage Router Firmware | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization. |
| CVE-2001-1250 | 1 Vwebserver | 1 Vwebserver | 2025-04-03 | 5.0 MEDIUM | N/A | vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow. |
| CVE-2006-4835 | 1 Bluview | 1 Blue Magic Board | 2025-04-03 | 5.0 MEDIUM | N/A | Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages. |
| CVE-2005-0011 | 1 Kde | 1 Kde | 2025-04-03 | 10.0 HIGH | N/A | Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows. |
| CVE-2003-0260 | 1 Cisco | 6 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client, Vpn 3015 Concentrator and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets. |
| CVE-2004-1682 | 1 Qnx | 1 Rtp | 2025-04-03 | 10.0 HIGH | N/A | Format string vulnerability in QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges via format string specifiers in the QUOTE command. |
| CVE-2005-2568 | 1 Syscp Team | 1 Syscp | 2025-04-03 | 7.5 HIGH | N/A | Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function. |
| CVE-2002-1471 | 1 Ximian | 1 Evolution | 2025-04-03 | 5.0 MEDIUM | N/A | The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack. |
| CVE-2006-0221 | 1 Ddsn | 1 Cm3cms | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password. |
| CVE-2005-4149 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | 5.0 MEDIUM | N/A | Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages. |
| CVE-2004-2248 | 1 Goosequill | 1 Remoteeditor | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions." |
| CVE-2005-3190 | 1 Broadcom | 1 Igateway | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests. |
| CVE-2005-0086 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale. |
| CVE-1999-1338 | 1 Delegate | 1 Delegate | 2025-04-03 | 5.0 MEDIUM | N/A | Delegate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions. |
| CVE-2005-2404 | 1 Sendcard | 1 Sendcard | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2001-0149 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. |
| CVE-2005-0531 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments. |
| CVE-2002-2040 | 1 Qnx | 1 Rtos | 2025-04-03 | 7.2 HIGH | N/A | The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program. |
| CVE-2002-1244 | 1 Pablo Software Solutions | 1 Pablo Ftp Server | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command. |
| CVE-2006-1959 | 1 Actualscripts | 1 Actualanalyzer | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter. |
| CVE-2003-0390 | 1 James Theiler | 1 Opt | 2025-04-03 | 4.6 MEDIUM | N/A | Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi. |
| CVE-2006-4751 | 1 Laurentiu Matei | 1 Expandable Home Page Cms | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter. |
| CVE-2006-0049 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 5.0 MEDIUM | N/A | gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. |
| CVE-2002-1282 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL. |
| CVE-2005-1517 | 1 Cisco | 1 Firewall Services Module | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs). |
| CVE-2006-1653 | 1 Angelinecms | 1 Angelinecms | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter. |
| CVE-2001-0951 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A | Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters. |
| CVE-2005-3128 | 1 Squirrelmail | 1 Address Add Plugin | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. |
| CVE-1999-1391 | 1 Next | 1 Next | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions. |