Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3224 | 1 Apple | 1 Safari | 2025-04-03 | 5.4 MEDIUM | N/A |
|
Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself.
|
|||||
| CVE-2005-3918 | 1 Ovbb | 1 Ovbb | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote attackers to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOTE: the vendor disputes these issues, saying "these reports are completely unsubstantial.
|
|||||
| CVE-2005-3029 | 1 Ahnlab | 3 V3 Virusblock 2005, V3net, V3pro 2004 | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to execute arbitrary code via a long filname in an ACE archive.
|
|||||
| CVE-2001-1392 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.
|
|||||
| CVE-2006-3919 | 1 Sd Studio | 1 Sd Studio Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in SD Studio CMS allows remote attackers to execute arbitrary SQL commands via the (1) news_id, (2) tid, and (3) page_id parameters.
|
|||||
| CVE-2001-0326 | 1 Oracle | 2 Application Server, Oracle8i | 2025-04-03 | 7.5 HIGH | N/A |
|
Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.
|
|||||
| CVE-2005-2294 | 1 Oracle | 1 Forms | 2025-04-03 | 2.1 LOW | N/A |
|
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
|
|||||
| CVE-2005-3488 | 1 Scorched 3d | 1 Scorched 3d | 2025-04-03 | 7.8 HIGH | N/A |
|
Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a denial of service (long loop and server hang) via a negative numplayers value that bypasses a signed check in ServerConnectHandler.cpp.
|
|||||
| CVE-2005-3399 | 1 Cat | 1 Quick Heal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple interpretation error in CAT-QuickHeal 8.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
|
|||||
| CVE-2006-1932 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 10.0 HIGH | N/A |
|
Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors.
|
|||||
| CVE-2001-0227 | 1 Biblioscape | 1 Biblioweb Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
|
|||||
| CVE-2006-2204 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 5.5 MEDIUM | N/A |
|
SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.
|
|||||
| CVE-2005-0316 | 1 Webwasher | 1 Webwasher Classic | 2025-04-03 | 7.5 HIGH | N/A |
|
WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.
|
|||||
| CVE-2004-1138 | 1 Vim Development Group | 1 Vim | 2025-04-03 | 7.2 HIGH | N/A |
|
VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.
|
|||||
| CVE-2002-2125 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
|
|||||
| CVE-2004-1051 | 5 Debian, Mandrakesoft, Todd Miller and 2 more | 7 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 4 more | 2025-04-03 | 7.2 HIGH | N/A |
|
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
|
|||||
| CVE-1999-0183 | 2 Linux, Tftp | 2 Linux Kernel, Tftp | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Linux implementations of TFTP would allow access to files outside the restricted directory.
|
|||||
| CVE-2005-3160 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters.
|
|||||
| CVE-2002-0597 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
|
|||||
| CVE-2006-4436 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection.
|
|||||
| CVE-2002-1813 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 2.6 LOW | N/A |
|
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link.
|
|||||
| CVE-2002-0708 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... (triple dot) sequences.
|
|||||
| CVE-2005-0725 | 1 Wf-sections | 1 Wf-sections | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
|
|||||
| CVE-1999-0404 | 1 Smartmax Software | 1 Mailmax | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.
|
|||||
| CVE-2005-3569 | 1 Ibm | 1 Db2 Content Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files.
|
|||||
| CVE-2004-1956 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message.
|
|||||
| CVE-2003-0339 | 1 Wsmp3 | 2 Wsmp3 Daemon, Wsmp3 Web Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests.
|
|||||
| CVE-2005-2699 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE.
|
|||||
| CVE-1999-0650 | 2025-04-03 | 5.0 MEDIUM | N/A | ||
|
The netstat service is running, which provides sensitive information to remote attackers.
|
|||||
| CVE-2003-0409 | 1 Brs | 1 Webweaver | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request.
|
|||||
| CVE-2004-1958 | 1 Epic Games | 3 Unreal Engine, Unreal Tournament, Unreal Tournament 2003 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file.
|
|||||
| CVE-2003-0611 | 1 Xtokkaetama | 1 Xtokkaetama | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain privileges via a long (1) -display command line argument or (2) XTOKKAETAMADIR environment variable.
|
|||||
| CVE-2006-4142 | 1 Vwar | 1 Virtual War | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter.
|
|||||
| CVE-1999-0921 | 1 Bmc | 1 Patrol Agent | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.
|
|||||
| CVE-2001-0152 | 1 Microsoft | 1 Plus | 2025-04-03 | 2.1 LOW | N/A |
|
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.
|
|||||
| CVE-1999-1112 | 1 Irfanview | 1 Irfanview | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header.
|
|||||
| CVE-1999-0072 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in AIX xdat gives root access to local users.
|
|||||
| CVE-2005-2973 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).
|
|||||
| CVE-2005-4318 | 1 Limbo Cms | 1 Limbo Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable.
|
|||||
| CVE-2005-2083 | 1 Truenorth Software | 1 Ia Emailserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in IMAP4 in IA eMailServer Corporate Edition 5.2.2 build 1051 allows remote attackers to cause a denial of service (application crash) via a LIST command with format string specifiers as the second argument.
|
|||||