Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-3751 | 1 Apsis | 1 Pound | 2025-04-03 | 4.3 MEDIUM | N/A | HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers. |
| CVE-2006-0850 | 1 Ilch.de | 1 Ilchclan | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in include/includes/user/login.php in ilchClan before 1.05g allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2004-0733 | 1 Ollydbg | 1 Ollydbg | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call. |
| CVE-1999-1335 | 1 Redhat | 1 Linux | 2025-04-03 | 6.4 MEDIUM | N/A | snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information. |
| CVE-2004-0717 | 3 Linux, Microsoft, Opera | 3 Linux Kernel, Windows, Opera Browser | 2025-04-03 | 7.5 HIGH | N/A | Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. |
| CVE-2004-2559 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-03 | 7.5 HIGH | N/A | DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks. |
| CVE-2001-1066 | 1 Sun | 1 Solaris | 2025-04-03 | 2.1 LOW | N/A | ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-1999-1340 | 1 Hylafax | 1 Hylafax | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in faxalter in hylafax 4.0.2 allows local users to gain privileges via a long -m command line argument. |
| CVE-2001-0843 | 1 Squid | 1 Squid Web Proxy | 2025-04-03 | 5.0 MEDIUM | N/A | Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request. |
| CVE-2004-1186 | 1 Gnu | 1 Enscript | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash). |
| CVE-2005-3722 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2025-04-03 | 7.5 HIGH | N/A | The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials. |
| CVE-2002-1565 | 1 Immunix | 1 Immunix | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL. |
| CVE-2002-2061 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. |
| CVE-2004-0380 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 10.0 HIGH | N/A | The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability." |
| CVE-2006-1732 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 4.3 MEDIUM | N/A | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. |
| CVE-1999-1065 | 1 Palm Pilot | 1 Hotsync Manager | 2025-04-03 | 7.5 HIGH | N/A | Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode. |
| CVE-2002-1534 | 1 Macromedia | 1 Flash Player | 2025-04-03 | 5.0 MEDIUM | N/A | Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share. |
| CVE-2005-2342 | 1 Rim | 2 Blackberry Enterprise Server, Blackberry Router | 2025-04-03 | 7.8 HIGH | N/A | Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service (communication disruption) via crafted Server Routing Protocol (SRP) packets. |
| CVE-2005-4811 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A | The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of service (crash) by triggering an mmap error before a prefault, which causes an error in the unmap_hugepage_area function. |
| CVE-2004-1645 | 1 Jerod Moemeka | 1 Xedus | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x. |
| CVE-1999-0292 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service through Winpopup using large user names. |
| CVE-2000-0122 | 1 Microsoft | 1 Frontpage | 2025-04-03 | 5.0 MEDIUM | N/A | Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program. |
| CVE-2002-1885 | 1 Powerphlogger | 1 Powerphlogger | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger (PPhlogger) 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the rel_path parameter. |
| CVE-2002-2180 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 6.8 MEDIUM | N/A | The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error. |
| CVE-2005-1641 | 1 The Ignition Project | 1 Ignitionserver | 2025-04-03 | 2.1 LOW | N/A | mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service. |
| CVE-2004-0690 | 1 Kde | 1 Kde | 2025-04-03 | 4.6 MEDIUM | N/A | The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory. |
| CVE-2003-1363 | 1 Aprelium Technologies | 1 Abyss Web Server | 2025-04-03 | 6.4 MEDIUM | N/A | The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection. |
| CVE-2005-0848 | 1 Funlabs | 9 4x4 Off-road Adventure Iii, Cabelas Big Game Hunter 2004 Season, Cabelas Big Game Hunter 2005 and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect that a new packet has arrived using the socket ioctl. |
| CVE-2006-0917 | 1 Melange | 1 Melange Chat System | 2025-04-03 | 2.1 LOW | N/A | Melange Chat Server (aka M-Chat), when accessed via a web browser, automatically sends cookies and other sensitive information for a server to any port specified in the associated link, which allows local users on that server to read the cookies from HTTP headers and possibly gain sensitive information, such as credentials, by setting up a listening port and reading the credentials when the victim clicks on the link. |
| CVE-2005-3717 | 1 Utstarcom | 1 F1000 Voip Wifi Phone | 2025-04-03 | 7.5 HIGH | N/A | The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username "target" and password "password", which allows remote attackers to gain full access to the system. |
| CVE-2005-1760 | 1 Redhat | 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more | 2025-04-03 | 7.5 HIGH | N/A | sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. |
| CVE-1999-0661 | | | 2025-04-03 | 10.0 HIGH | N/A | A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6. |
| CVE-1999-1523 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request. |
| CVE-2006-2714 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2025-04-03 | 5.0 MEDIUM | N/A | Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not validate the CEID of an incoming message, which allows remote attackers to send messages to a protected asset without knowing the proper CEID. |
| CVE-2000-0938 | 1 Samba | 1 Samba | 2025-04-03 | 5.0 MEDIUM | N/A | Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. |
| CVE-2004-0897 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A | The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. |
| CVE-2001-0498 | 1 Oracle | 1 Oracle8i | 2025-04-03 | 5.0 MEDIUM | N/A | Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension. |
| CVE-2002-2163 | 1 Killervault | 1 Kvpoll | 2025-04-03 | 4.0 MEDIUM | N/A | KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php. |
| CVE-2000-0058 | 1 Handspring | 1 Visor Network Hotsync | 2025-04-03 | 5.0 MEDIUM | N/A | Network HotSync program in Handspring Visor does not have authentication, which allows remote attackers to retrieve email and files. |
| CVE-2005-4252 | 1 Mcgallery | 1 Mcgallery Pro | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters. |