Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-0939 | 1 Neoteris | 1 Instant Virtual Extranet | 2025-04-03 | 5.0 MEDIUM | N/A | changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and 4.x, with LDAP authentication or NT domain authentication enabled, does not limit the number of times a bad password can be entered, which allows remote attackers to guess passwords via a brute force attack. |
| CVE-2004-2431 | 1 The Ignition Project | 1 Ignitionserver | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication. |
| CVE-2001-0410 | 1 Trend Micro | 1 Virus Buster 2001 | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header. |
| CVE-2005-1937 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | N/A | A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718. |
| CVE-2006-3665 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 4.3 MEDIUM | N/A | SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this. |
| CVE-2001-1377 | 11 Freeradius, Gnu, Icradius and 8 more | 11 Freeradius, Radius, Icradius and 8 more | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2. |
| CVE-2005-2271 | 1 Alexander Clauss | 1 Icab | 2025-04-03 | 2.6 LOW | N/A | iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." |
| CVE-2002-0275 | 1 Blueface | 1 Falcon Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL. |
| CVE-2004-1698 | 1 Leadmind | 1 Popmessenger | 2025-04-03 | 5.0 MEDIUM | N/A | The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earlier allows remote attackers to cause a denial of service (application crash) via invalid characters in a message, which causes several alert dialogs to be displayed and leads to a crash. |
| CVE-2005-1015 | 1 Mailenable | 1 Imapd | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command. |
| CVE-2002-1654 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2025-04-03 | 7.5 HIGH | N/A | iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection. |
| CVE-2006-4870 | 1 Aewebworks | 1 Aedating | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php. |
| CVE-2000-0637 | 1 Microsoft | 1 Excel | 2025-04-03 | 4.6 MEDIUM | N/A | Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability. |
| CVE-2005-3968 | 1 Phpx | 1 Phpx | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter. |
| CVE-2006-1853 | 1 Moderngigabyte | 1 Modernbill | 2025-04-03 | 6.5 MEDIUM | N/A | Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php. |
| CVE-2002-0455 | 1 Incredimail | 1 Incredimail | 2025-04-03 | 5.0 MEDIUM | N/A | IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. |
| CVE-2005-4159 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-03 | 7.5 HIGH | N/A | NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor |
| CVE-2005-0237 | 1 Kde | 2 Kde, Konqueror | 2025-04-03 | 5.0 MEDIUM | N/A | The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. |
| CVE-2000-0611 | 1 Netwin | 2 Cwmail, Dmailweb | 2025-04-03 | 5.0 MEDIUM | N/A | The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service. |
| CVE-2001-0844 | 1 Seth Leonard | 2 Book Of Guests, Post It | 2025-04-03 | 7.5 HIGH | N/A | Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter. |
| CVE-2006-1589 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 4.9 MEDIUM | N/A | The elf_load_file function in NetBSD 2.0 through 3.0 allows local users to cause a denial of service (kernel crash) via an ELF interpreter that does not have a PT_LOAD section in its header, which triggers a null dereference. |
| CVE-2006-2976 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors. |
| CVE-2006-2765 | 1 Interlink Advantage | 1 Interlink Advantage | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in news_information.php in Interlink Advantage allows remote attackers to inject arbitrary web script or HTML via the flag parameter. |
| CVE-2002-1193 | 1 Tkmail | 1 Tkmail | 2025-04-03 | 2.1 LOW | N/A | tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files. |
| CVE-2006-1709 | 1 Interaktiv | 1 Interaktiv.shop | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters. |
| CVE-2006-1334 | 1 Maian Script World | 1 Maian Weblog | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php. |
| CVE-2000-0301 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A | Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. |
| CVE-2004-2625 | 1 Outblaze | 1 Outblaze Email | 2025-04-03 | 5.1 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag. |
| CVE-2003-0720 | 1 University Of Washington | 1 Pine | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type. |
| CVE-2006-1151 | 1 M Phorum | 1 M Phorum | 2025-04-03 | 5.0 MEDIUM | N/A | Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows remote attackers to inject arbitrary web script or HTML via the go parameter. |
| CVE-1999-1584 | 1 Sun | 2 Openwindows, Sunos | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586. |
| CVE-2005-0160 | 1 E-merge | 1 Unace | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages. |
| CVE-2006-1828 | 1 Php121 | 1 Php121 Instant Messenger | 2025-04-03 | 5.1 MEDIUM | N/A | SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement. |
| CVE-2005-4357 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover. |
| CVE-2003-0040 | 2 Double Precision Incorporated, Inter7 | 2 Courier Mta, Courier-imap | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name. |
| CVE-2000-0680 | 1 Cvs | 1 Cvs | 2025-04-03 | 7.2 HIGH | N/A | The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action. |
| CVE-2006-0474 | 1 Shareaza | 1 Shareaza | 2025-04-03 | 7.5 HIGH | N/A | Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h. |
| CVE-2006-2232 | 1 Scriptsez | 1 Cute Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook. |
| CVE-2006-0599 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-03 | 5.0 MEDIUM | N/A | The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. |
| CVE-2001-0421 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 6.4 MEDIUM | N/A | FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition. |