Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1279 | 1 Lbl | 1 Tcpdump | 2025-04-03 | 5.0 MEDIUM | N/A |
| tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function. |
| CVE-2006-2718 | 1 Jiwa | 1 Financials | 2025-04-03 | 6.5 MEDIUM | N/A |
| JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account. |
| CVE-2002-0412 | 1 Luca Deri | 1 Ntop | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication. |
| CVE-2005-3153 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 7.5 HIGH | N/A |
| login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability. |
| CVE-2004-2209 | 1 Ideal Science | 1 Idealbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2005-1815 | 1 Hummingbird | 1 Connectivity | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allow attackers to cause a denial of service and possibly execute arbitrary code via (1) an FTP command with a long argument to FTPD (ftpdw.exe) or (2) a large amount of data to LPD (Lpdw.exe). |
| CVE-2006-0465 | 1 Active121 | 1 Site Manager | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter. |
| CVE-2005-3416 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail. |
| CVE-1999-0691 | 4 Cde, Digital, Ibm and 1 more | 5 Cde, Unix, Aix and 2 more | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name. |
| CVE-2001-0468 | 1 Ftpfs | 1 Ftpfs | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in FTPFS allows local users to gain root privileges via a long user name. |
| CVE-2004-1789 | 1 Zyxel | 1 Zywall10 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page. |
| CVE-2004-1980 | 1 Props | 1 Props | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allows remote attackers to view arbitrary files via a .. (dot dot) in (1) module or (2) format variables. |
| CVE-2003-1155 | 1 X-cd-roast | 1 X-cd-roast | 2025-04-03 | 4.6 MEDIUM | N/A |
| X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file. |
| CVE-2000-0002 | 1 Zbsoft | 1 Zbserver | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request. |
| CVE-2004-2109 | 1 Quadcomm | 1 Q-shop | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL. |
| CVE-2006-4235 | 1 Sony | 1 Sonicstage Mastering Studio | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. |
| CVE-2001-0233 | 3 Debian, Matthew Smith, Redhat | 3 Debian Linux, Micq, Linux | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field. |
| CVE-2000-0509 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname. |
| CVE-2005-0706 | 1 Grip | 1 Grip | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected. |
| CVE-2004-2635 | 1 Mcafee | 1 Security Installer Control System | 2025-04-03 | 7.5 HIGH | N/A |
| An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method. |
| CVE-2000-0360 | 1 Isc | 1 Inn | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article. |
| CVE-2005-3045 | 1 My Little Homepage | 1 My Little Forum | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in My Little Forum 1.5 and 1.6 beta allows remote attackers to execute arbitrary SQL commands via the phrase field. |
| CVE-1999-0427 | 1 Qualcomm | 3 Eudora, Eudora Light, Eudora Pro | 2025-04-03 | 7.5 HIGH | N/A |
| Eudora 4.1 allows remote attackers to perform a denial of service by sending attachments with long file names. |
| CVE-2000-0665 | 1 Gamsoft | 1 Telsrv | 2025-04-03 | 5.0 MEDIUM | N/A |
| GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username. |
| CVE-2005-4729 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter. |
| CVE-2004-0848 | 1 Microsoft | 6 Office, Powerpoint, Project and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00" (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. |
| CVE-2005-3737 | 1 Inkscape | 1 Inkscape | 2025-04-03 | 5.1 MEDIUM | N/A |
| Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values. |
| CVE-2006-3315 | 1 Rahnemaco | 1 Rahnemaco | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the osCsid parameter. |
| CVE-2006-3468 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.8 HIGH | N/A |
| Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only. |
| CVE-2005-3290 | 1 Accelerated Enterprise Solutions | 1 Accelerated Mortgage Manager | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Accelerated Mortgage Manager allows remote attackers to execute arbitrary SQL commands via the password field. |
| CVE-2005-1027 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. |
| CVE-2005-4329 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter. |
| CVE-2006-1434 | 1 Annuaire | 1 Directory | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter). |
| CVE-2005-0922 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type. |
| CVE-2001-0917 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A |
| Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension. |
| CVE-2005-3408 | 1 Greg Neustaetter | 1 Gcards | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter. |
| CVE-2005-0623 | 1 Raidenhttpd | 1 Raidenhttpd | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to execute arbitrary code via a long URL. |
| CVE-2006-1258 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. |
| CVE-2002-0347 | 1 Sun | 3 Cobalt Raq 2, Cobalt Raq 3i, Cobalt Raq 4 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request. |
| CVE-2006-3085 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.8 HIGH | N/A |
| xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length. |