Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1014 | 1 Sco | 1 Unixware | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.
|
|||||
| CVE-2004-2040 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php.
|
|||||
| CVE-2005-2689 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.
|
|||||
| CVE-2006-1810 | 1 Flexbb | 1 Flexbb | 2025-04-03 | 1.9 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profile.
|
|||||
| CVE-2005-1371 | 1 Bulletproof | 1 Bulletproof Ftp Server | 2025-04-03 | 7.2 HIGH | N/A |
|
BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not properly drop privileges before opening files through the Help menu, which allows local users to gain privileges.
|
|||||
| CVE-2004-0795 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 7.2 HIGH | N/A |
|
DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.
|
|||||
| CVE-2002-1835 | 1 Xerox | 2 Docutech 6110, Docutech 6115 | 2025-04-03 | 7.5 HIGH | N/A |
|
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 running Solaris 8.0 has a large number of unnecessary services enabled such as RPC and sprayd, which could allow remote attackers to obtain access to the device.
|
|||||
| CVE-2003-0648 | 2 Debian, Fte | 2 Debian Linux, Fte Text Editor | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
|
|||||
| CVE-2004-1756 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
|
|||||
| CVE-2003-0103 | 1 Nokia | 1 6210 Handset | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers.
|
|||||
| CVE-1999-1465 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with a logical subinterface, as described by Cisco bug CSCdk43862.
|
|||||
| CVE-2002-1215 | 1 Linux-ha | 1 Heartbeat | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).
|
|||||
| CVE-2001-0994 | 1 Marconi | 1 Forethought | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device.
|
|||||
| CVE-2004-1392 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.
|
|||||
| CVE-2006-1942 | 3 K-meleon Project, Mozilla, Netscape | 3 K-meleon, Firefox, Navigator | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
|
|||||
| CVE-2006-1264 | 1 Xhawk.net | 1 Discussion | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 beta2 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.
|
|||||
| CVE-2005-3804 | 1 Cisco | 1 7920 Wireless Ip Phone | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service.
|
|||||
| CVE-2004-1481 | 1 Realnetworks | 3 Helix Player, Realone Player, Realplayer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.
|
|||||
| CVE-2005-2144 | 1 Prevx | 1 Prevx Pro 2005 | 2025-04-03 | 2.1 LOW | N/A |
|
Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file.
|
|||||
| CVE-2005-4410 | 1 Nqcontent | 1 Nqcontent | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter.
|
|||||
| CVE-2000-1072 | 1 Netscape | 1 Iplanet Ical | 2025-04-03 | 7.2 HIGH | N/A |
|
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
|
|||||
| CVE-2005-2838 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2004-0996 | 4 Cscope, Debian, Gentoo and 1 more | 4 Cscope, Debian Linux, Linux and 1 more | 2025-04-03 | 2.1 LOW | N/A |
|
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2005-1219 | 1 Microsoft | 1 Image Color Management | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
|
|||||
| CVE-2005-1087 | 1 An | 1 An-httpd | 2025-04-03 | 6.4 MEDIUM | N/A |
|
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
|
|||||
| CVE-1999-0790 | 1 Netscape | 1 Communicator | 2025-04-03 | 2.6 LOW | N/A |
|
A remote attacker can read information from a Netscape user's cache via JavaScript.
|
|||||
| CVE-2004-0226 | 4 Gentoo, Midnight Commander, Sgi and 1 more | 4 Linux, Midnight Commander, Propack and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
|
|||||
| CVE-2000-0890 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 1.2 LOW | N/A |
|
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-1999-1097 | 1 Microsoft | 1 Netmeeting | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
|
|||||
| CVE-2005-0590 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
|
|||||
| CVE-2006-1216 | 1 Runcms | 1 Runcms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||
| CVE-2006-4364 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands.
|
|||||
| CVE-2005-0076 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.
|
|||||
| CVE-2005-3632 | 1 Netpbm | 1 Netpbm | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file.
|
|||||
| CVE-2003-1154 | 1 Clearswift | 1 Mailsweeper | 2025-04-03 | 7.5 HIGH | N/A |
|
MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants.
|
|||||
| CVE-2001-0979 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.
|
|||||
| CVE-2000-0404 | 1 Microsoft | 5 Terminal Server, Windows 2000, Windows 95 and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.
|
|||||
| CVE-2002-0749 | 1 Cgiscript.net | 1 Csmailto | 2025-04-03 | 7.5 HIGH | N/A |
|
CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field.
|
|||||
| CVE-2002-1231 | 1 Caldera | 2 Openunix, Unixware | 2025-04-03 | 2.1 LOW | N/A |
|
SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.
|
|||||
| CVE-2006-3476 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
|
|||||