Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0386 | 1 Mailreader.com | 1 Mailreader.com | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in network.cgi in mailreader before 2.3.29 earlier allows remote attackers to inject arbitrary web script or HTML via MIME text/enriched or text/richtext messages.
|
|||||
| CVE-2005-1783 | 1 W.m.r. Simpson | 1 Bookreview | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BookReview beta 1.0 allows remote attackers to obtain the path of the web server via certain parameters to search.htm, possibly due to a search[string] parameter with a missing value or an incorrect submit[type] value, which reveals the path in the resulting error message. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE.
|
|||||
| CVE-2005-2796 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
|
|||||
| CVE-2005-0937 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 1.2 LOW | N/A |
|
Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions.
|
|||||
| CVE-2005-3278 | 1 Jan Kybic | 1 Bitmap Viewer | 2025-04-03 | 7.2 HIGH | N/A |
|
Integer overflow in the openpsfile function in gsinterf.c for Jan Kybic BitMap Viewer (BMV) 1.2 allows local users to execute arbitrary code via a PostScript (PS) file containing a large number of pages value, which leads to a resultant buffer overflow.
|
|||||
| CVE-2004-2476 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
|
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.
|
|||||
| CVE-2001-0824 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.
|
|||||
| CVE-2006-0662 | 1 Ibm | 1 Lotus Domino Inotes Client | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.
|
|||||
| CVE-2005-3523 | 1 Gpsdrive | 1 Gpsdrive | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field.
|
|||||
| CVE-2004-1978 | 1 Moodle | 1 Moodle | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter.
|
|||||
| CVE-2000-0846 | 1 Ashley Montanaro | 1 Darxite | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to execute arbitrary commands via a long username or password.
|
|||||
| CVE-2004-0631 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command.
|
|||||
| CVE-2006-4669 | 1 Somery | 1 Somery | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter.
|
|||||
| CVE-1999-1184 | 1 Elm Development Group | 1 Elm | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in Elm 2.4 and earlier allows local users to gain privileges via a long TERM environmental variable.
|
|||||
| CVE-2006-1146 | 1 Cor Entertainment | 1 Alien Arena 2006 | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server.
|
|||||
| CVE-2002-2222 | 2 Freebsd, Openbsd | 2 Ports Collection, Openbsd | 2025-04-03 | 5.1 MEDIUM | N/A |
|
isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence.
|
|||||
| CVE-2001-0030 | 1 Smartstuff | 1 Foolproof Security | 2025-04-03 | 7.2 HIGH | N/A |
|
FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them.
|
|||||
| CVE-1999-0905 | 1 Axent | 1 Raptor Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in Axent Raptor firewall via malformed zero-length IP options.
|
|||||
| CVE-2002-1286 | 1 Microsoft | 1 Java Virtual Machine | 2025-04-03 | 7.5 HIGH | N/A |
|
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user.
|
|||||
| CVE-2001-1257 | 1 Horde | 1 Imp | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
|
|||||
| CVE-2003-0223 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.
|
|||||
| CVE-2004-1151 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges.
|
|||||
| CVE-2005-3127 | 1 Lucidcms | 1 Lucidcms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string.
|
|||||
| CVE-2004-2158 | 1 S9y | 1 Serendipity | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
|
|||||
| CVE-2005-2366 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows remote attackers to cause a denial of service (abort or infinite loop) via unknown attack vectors.
|
|||||
| CVE-1999-0323 | 4 Bsdi, Freebsd, Netbsd and 1 more | 4 Bsd Os, Freebsd, Netbsd and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
FreeBSD mmap function allows users to modify append-only or immutable files.
|
|||||
| CVE-2002-0454 | 1 Qualcomm | 1 Qpopper | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop.
|
|||||
| CVE-2006-2034 | 1 Flexbb | 1 Flexbb | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.
|
|||||
| CVE-2004-0190 | 1 Symantec | 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r | 2025-04-03 | 7.5 HIGH | N/A |
|
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
|
|||||
| CVE-2002-2133 | 1 Telindus | 1 1120 Adsl Router | 2025-04-03 | 10.0 HIGH | N/A |
|
Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password.
|
|||||
| CVE-2002-0595 | 1 Webtrends | 1 Reporting Center | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory.
|
|||||
| CVE-2006-0537 | 1 Kinesphere Corporation | 1 Exchange Pop3 | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument.
|
|||||
| CVE-2004-0266 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.
|
|||||
| CVE-2005-3947 | 1 Sergey Korostel | 1 Php Upload Center | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter.
|
|||||
| CVE-2001-1462 | 1 Rsa | 1 Securid | 2025-04-03 | 7.5 HIGH | N/A |
|
WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information.
|
|||||
| CVE-1999-1280 | 1 Hummingbird | 1 Exceed | 2025-04-03 | 7.5 HIGH | N/A |
|
Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file.
|
|||||
| CVE-2006-4714 | 1 Spoonlabs | 1 Vivvo Article Management Cms | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter.
|
|||||
| CVE-2005-3186 | 2 Gnome, Gtk | 2 Gdkpixbuf, Gtk\+ | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
|
|||||
| CVE-2002-1710 | 1 Basilix | 1 Basilix Webmail | 2025-04-03 | 3.6 LOW | N/A |
|
The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.
|
|||||
| CVE-2004-0161 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use RFC2231 encoding, which may be interpreted differently by mail clients.
|
|||||