Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0850 | 2 Dug Song, Rafal Wojtczuk | 2 Dsniff, Libnids | 2025-04-03 | 7.5 HIGH | N/A |
|
The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets."
|
|||||
| CVE-2002-1062 | 1 T. Hauck | 1 Jana Web Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to execute arbitrary code via long (1) Username, (2) Password, or (3) Hostname entries.
|
|||||
| CVE-2006-3821 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.
|
|||||
| CVE-2001-1218 | 1 Microsoft | 1 Ie | 2025-04-03 | 2.1 LOW | N/A |
|
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
|
|||||
| CVE-2005-0134 | 1 Sco | 1 Unixware | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets.
|
|||||
| CVE-1999-0798 | 5 Bsdi, Freebsd, Openbsd and 2 more | 7 Bsd Os, Freebsd, Openbsd and 4 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
|
|||||
| CVE-2006-4989 | 1 Patrick Michaelis | 1 Wili-cms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php, (2) functions/admin/all.php, (3) functions/admin/init_session.php, (4) functions/all.php, and (5) certain files in example-view/admin_templates/, which reveals the path in various error messages.
|
|||||
| CVE-2000-0460 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
|
|||||
| CVE-2005-4789 | 1 Suse | 1 Suse Linux | 2025-04-03 | 2.1 LOW | N/A |
|
resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level.
|
|||||
| CVE-1999-1201 | 1 Microsoft | 2 Windows 95, Windows 98 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.
|
|||||
| CVE-1999-0896 | 1 Realnetworks | 1 Realserver G2 | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.
|
|||||
| CVE-2004-1332 | 1 Hp | 5 Hp-ux, Hp-ux Series 700, Hp-ux Series 800 and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
|
|||||
| CVE-2004-1561 | 1 Icecast | 1 Icecast | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.
|
|||||
| CVE-2006-0191 | 1 Sun | 1 Solaris | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250.
|
|||||
| CVE-2005-2914 | 1 Linksys | 1 Wrt54g | 2025-04-03 | 7.5 HIGH | N/A |
|
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration.
|
|||||
| CVE-2005-1887 | 1 Sun | 1 Solaris | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges.
|
|||||
| CVE-2005-4673 | 1 Inicom Networks | 1 Ioftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames.
|
|||||
| CVE-2006-2766 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
|
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
|
|||||
| CVE-2004-1535 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.
|
|||||
| CVE-2004-2561 | 1 Internet Sofware Sciences | 1 Web\+center | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more cookies in DoCustomerOptions.asp.
|
|||||
| CVE-2006-1025 | 1 Addsoft | 1 Storebot | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2004-0381 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 2.1 LOW | N/A |
|
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.
|
|||||
| CVE-2003-0728 | 1 Horde | 1 Horde | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
|
|||||
| CVE-2006-4837 | 1 Codeworx Technologies | 1 Dcp-portal | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
|
|||||
| CVE-2005-0108 | 1 Apache | 1 Mod Auth Radius | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
|
|||||
| CVE-2004-1324 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 2.6 LOW | N/A |
|
The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.
|
|||||
| CVE-2001-0420 | 1 Way To The Web | 1 Talkback | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter.
|
|||||
| CVE-2004-2441 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote attack vectors, related to a "potential security issue."
|
|||||
| CVE-2005-1806 | 1 Peercast | 1 Peercast | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
|
|||||
| CVE-2006-4197 | 1 Musicbrainz | 2 Libmusicbrainz, Libmusicbrainz Svn | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in ...
Show More |
|||||
| CVE-2004-1693 | 1 Mambo | 1 Mambo | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.
|
|||||
| CVE-2002-1132 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
|
|||||
| CVE-2002-0216 | 1 Xoops | 1 Xoops | 2025-04-03 | 5.0 MEDIUM | N/A |
|
userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter.
|
|||||
| CVE-2003-0725 | 1 Realnetworks | 2 Helix Universal Server, Realserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2005-1678 | 1 Groove | 2 Groove Workspace, Virtual Office | 2025-04-03 | 2.6 LOW | N/A |
|
Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code.
|
|||||
| CVE-2000-0247 | 1 Gnqs | 1 Gnqs | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges.
|
|||||
| CVE-1999-0569 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file.
|
|||||
| CVE-2005-4608 | 1 Incogen | 1 Bugport | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) orderBy, and (3) where parameters.
|
|||||
| CVE-2005-2859 | 1 Savant | 1 Savant Webserver | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Savant Web Server stores user credentials in plaintext in the Savant\Users registry key, which allows local users to gain privileges.
|
|||||
| CVE-2005-4557 | 3 Deerfield, Icewarp, Merak | 3 Visnetic Mail Server, Web Mail, Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.
|
|||||