Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1262 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files.
|
|||||
| CVE-1999-0625 | 2025-04-03 | N/A | N/A | ||
|
The rpc.rquotad service is running.
|
|||||
| CVE-2005-0585 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | N/A |
|
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
|
|||||
| CVE-1999-1289 | 1 Mirabilis | 1 Icq | 2025-04-03 | 7.5 HIGH | N/A |
|
ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration.
|
|||||
| CVE-1999-1148 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.
|
|||||
| CVE-2006-2737 | 1 Nukedit | 1 Nukedit | 2025-04-03 | 7.5 HIGH | N/A |
|
utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
|
|||||
| CVE-2004-0691 | 1 Trolltech | 1 Qt | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
|
|||||
| CVE-2006-1646 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
|
|||||
| CVE-2004-2486 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2025-04-03 | 7.5 HIGH | N/A |
|
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
|
|||||
| CVE-1999-1327 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.
|
|||||
| CVE-2006-4303 | 1 Sun | 1 Solaris | 2025-04-03 | 2.6 LOW | N/A |
|
Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion).
|
|||||
| CVE-2006-2588 | 1 Russcom Network | 1 Phpimages | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability.
|
|||||
| CVE-2000-1058 | 1 Hp | 1 Openview Network Node Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."
|
|||||
| CVE-2006-3233 | 1 Open Webmail | 1 Open Webmail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.
|
|||||
| CVE-2006-0529 | 1 Ca | 1 Messaging | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105.
|
|||||
| CVE-2005-2094 | 1 Sun | 1 One Web Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
|
|||||
| CVE-2005-4586 | 1 Phpsurveyor | 1 Phpsurveyor | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts.
|
|||||
| CVE-2003-0283 | 1 Phorum | 1 Phorum | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.
|
|||||
| CVE-2005-1626 | 1 Pico Server | 1 Pico Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code.
|
|||||
| CVE-2004-0364 | 1 Symantec | 1 Norton Internet Security | 2025-04-03 | 7.5 HIGH | N/A |
|
The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.
|
|||||
| CVE-2001-0905 | 1 Procmail | 1 Procmail | 2025-04-03 | 6.2 MEDIUM | N/A |
|
Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.
|
|||||
| CVE-2003-0872 | 1 Sco | 1 Openserver | 2025-04-03 | 2.1 LOW | N/A |
|
Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files.
|
|||||
| CVE-2002-0666 | 6 Apple, Freebsd, Frees Wan and 3 more | 12 Mac Os X, Mac Os X Server, Freebsd and 9 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
|
|||||
| CVE-2006-4798 | 1 Dws Systems Inc. | 1 Sql-ledger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.
|
|||||
| CVE-2005-2001 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter.
|
|||||
| CVE-2005-3663 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2025-04-03 | 7.2 HIGH | N/A |
|
Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.
|
|||||
| CVE-2006-0052 | 1 Gnu | 1 Mailman | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.
|
|||||
| CVE-1999-1404 | 1 Ibm | 1 Tivoli Opc Tracker Agent | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly.
|
|||||
| CVE-2002-1646 | 1 Ssh | 1 Secure Shell For Servers | 2025-04-03 | 7.5 HIGH | N/A |
|
SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server.
|
|||||
| CVE-2006-2138 | 1 Neomail | 1 Neomail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.
|
|||||
| CVE-2000-0485 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 2.1 LOW | N/A |
|
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.
|
|||||
| CVE-2005-4622 | 1 Efilego | 1 Efilego | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe.
|
|||||
| CVE-2000-0517 | 1 Netscape | 1 Communicator | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.
|
|||||
| CVE-2005-3914 | 1 Affcommerce | 1 Affcommerce | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php.
|
|||||
| CVE-2004-1696 | 1 Emulive | 1 Server4 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66.
|
|||||
| CVE-2006-1149 | 1 Owl | 1 Owl Intranet Engine | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
|
|||||
| CVE-2004-1387 | 1 Apache | 1 Http Server | 2025-04-03 | 2.1 LOW | N/A |
|
The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-1999-1281 | 1 Winddance Networks Corporation | 1 Breeze Network Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Development version of Breeze Network Server allows remote attackers to cause the system to reboot by accessing the configbreeze CGI program.
|
|||||
| CVE-2000-0040 | 1 Glftpd | 1 Glftpd | 2025-04-03 | 10.0 HIGH | N/A |
|
glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.
|
|||||
| CVE-2000-0250 | 1 Qnx | 1 Qnx | 2025-04-03 | 7.2 HIGH | N/A |
|
The crypt function in QNX uses weak encryption, which allows local users to decrypt passwords.
|
|||||