Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0048 | 1 Francesco Stablum | 1 Tcpick | 2025-04-03 | 5.0 MEDIUM | N/A |
Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer overflow or overread.
| CVE-2005-1789 | 1 India Software Solution | 1 Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password.
| CVE-2001-1469 | 1 Ssh | 1 Ssh | 2025-04-03 | 5.0 MEDIUM | N/A |
The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified.
| CVE-2005-1401 | 1 Mtp-target | 1 Mtp-target | 2025-04-03 | 7.5 HIGH | N/A |
Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text.
| CVE-2005-2061 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 5.0 MEDIUM | N/A |
Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte.
| CVE-2005-0586 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | N/A |
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
| CVE-2001-0360 | 1 Ikonboard.com | 1 Ikonboard | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and earlier allows a remote attacker to read arbitrary files via a .. (dot dot) attack in the helpon parameter.
| CVE-2003-0621 | 1 Bea | 2 Tuxedo, Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.
| CVE-2006-3636 | 1 Gnu | 1 Mailman | 2025-04-03 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| CVE-2001-0105 | 1 Hp | 1 Hp-ux | 2025-04-03 | 2.1 LOW | N/A |
Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.
| CVE-2006-3217 | 1 Jaguarsoft | 1 Jaguaredit | 2025-04-03 | 2.6 LOW | N/A |
JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the information from the .JText field.
| CVE-2006-3178 | 1 Jed Wing | 1 Chm Lib | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename.
| CVE-2004-1001 | 1 Debian | 1 Shadow | 2025-04-03 | 4.6 MEDIUM | N/A |
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
| CVE-2000-1129 | 1 Network Associates | 1 Webshield Smtp | 2025-04-03 | 5.0 MEDIUM | N/A |
McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.
| CVE-2002-0353 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields.
| CVE-2006-1915 | 1 Dbbs | 1 Dbbs | 2025-04-03 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in topics.php in DbbS 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the fcategoryid parameter.
| CVE-2005-3333 | 1 Ebase | 1 Ebaseweb | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
| CVE-2002-1807 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
| CVE-2005-3697 | 1 Uresk Links | 1 Uresk Links | 2025-04-03 | 7.5 HIGH | N/A |
Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php.
| CVE-2002-1588 | 1 Sun | 1 Openwindows | 2025-04-03 | 5.0 MEDIUM | N/A |
Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers to cause a denial of service (mailtool segmentation violation and crash) via a malformed mail attachment.
| CVE-2005-3991 | 1 Phpheaven | 1 Phpmychat | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to (1) start_page.css.php and (2) style.css.php; or the From parameter to users_popupL.php.
| CVE-1999-0662 | | | 2025-04-03 | 10.0 HIGH | N/A |
A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete.
| CVE-1999-0710 | 1 Redhat | 1 Linux | 2025-04-03 | 7.5 HIGH | N/A |
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.
| CVE-2004-0089 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.
| CVE-2005-0644 | 1 Mcafee | 1 Antivirus Engine | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643.
| CVE-2003-0485 | 1 Progress | 1 4gl Compiler | 2025-04-03 | 4.6 MEDIUM | N/A |
Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type.
| CVE-2006-3598 | 1 Php-nuke | 1 Sections Module | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op.
| CVE-1999-1160 | 1 Hp | 1 Hp-ux | 2025-04-03 | 10.0 HIGH | N/A |
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.
| CVE-2005-2668 | 2 Broadcom, Ca | 28 Advantage Data Transport, Adviseit, Brightstor Portal and 25 more | 2025-04-03 | 10.0 HIGH | N/A |
Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.
| CVE-2002-0228 | 1 Microsoft | 1 Msn Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites).
| CVE-2002-0155 | 1 Microsoft | 3 Msn Chat Control, Msn Messenger, Msn Messenger Service For Exchange | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.
| CVE-2005-3876 | 1 Td-systems | 2 Adc2000 Ng Pro, Adc2000 Ng Pro Lite | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ADC2000 NG Pro 1.2 and NG Pro Lite allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) lang parameters.
| CVE-2005-3421 | 1 Hyper Estraier | 1 Hyper Estraier | 2025-04-03 | 5.0 MEDIUM | N/A |
estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters.
| CVE-2006-4548 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the ...
| CVE-2000-0736 | 1 Rimarts Inc. | 1 Becky Internet Mail | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user forwards a message.
| CVE-2006-0635 | 1 Fabrice Bellard | 1 Tiny C Compiler | 2025-04-03 | 4.6 MEDIUM | N/A |
Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.
| CVE-2006-3746 | 1 Gnupg | 1 Gnupg | 2025-04-03 | 5.0 MEDIUM | N/A |
Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
| CVE-2005-1172 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.
| CVE-2002-1214 | 1 Microsoft | 3 Windows 2000, Windows 2000 Terminal Services, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
| CVE-2005-2187 | 1 Mcafee | 1 Intrushield Security Management System | 2025-04-03 | 4.6 MEDIUM | N/A |
McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp.