Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0060 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.5 HIGH | N/A |
|
IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.
|
|||||
| CVE-2005-4316 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.8 HIGH | N/A |
|
HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.
|
|||||
| CVE-2006-2348 | 1 Oasyssoft | 1 E-business Designer | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
|
|||||
| CVE-2005-3692 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments.
|
|||||
| CVE-2005-0300 | 1 Jsboard | 1 Jsboard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the table parameter.
|
|||||
| CVE-2005-4418 | 1 Vserver | 1 Util-vserver | 2025-04-03 | 7.5 HIGH | N/A |
|
util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities.
|
|||||
| CVE-2006-3884 | 1 Gonafish | 1 Linkscaffe | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE.
|
|||||
| CVE-2006-1066 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 1.2 LOW | N/A |
|
Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack during the do_debug function call.
|
|||||
| CVE-2002-1103 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via (1) malformed or (2) large ISAKMP packets.
|
|||||
| CVE-2005-4511 | 1 Curtis Hawthorne | 1 Tn3270 Resource Gateway | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows local users to cause a denial of service and possibly execute arbitrary code via format string specifiers in syslog function calls.
|
|||||
| CVE-2001-0394 | 1 Oreilly | 1 Website Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.
|
|||||
| CVE-2004-2140 | 1 Yabb | 1 Yabb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable.
|
|||||
| CVE-2005-4833 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format.
|
|||||
| CVE-2001-1489 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
|
|||||
| CVE-2000-0875 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters.
|
|||||
| CVE-2001-0518 | 1 Oracle | 1 Oracle9i | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.
|
|||||
| CVE-2004-2619 | 1 Paul L Daniels | 1 Ripmime | 2025-04-03 | 7.5 HIGH | N/A |
|
ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted.
|
|||||
| CVE-2004-0329 | 1 Freechat | 1 Freechat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
FreeChat 1.1.1a allows remote attackers to cause a denial of service (crash) via certain unexpected strings, as demonstrated using "aaaaa".
|
|||||
| CVE-2004-0189 | 1 Squid | 1 Squid | 2025-04-03 | 7.5 HIGH | N/A |
|
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
|
|||||
| CVE-2002-1170 | 1 Net-snmp | 1 Net-snmp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.
|
|||||
| CVE-2001-1393 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).
|
|||||
| CVE-2006-1098 | 1 Digital Builder | 1 Nz Ecommerce | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem
|
|||||
| CVE-2004-0572 | 1 Microsoft | 1 Grpconv | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
|
|||||
| CVE-2004-1554 | 1 Alexphpteam | 1 Alex Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code.
|
|||||
| CVE-2005-3829 | 1 Activecampaign | 1 Knowledgebuilder | 2025-04-03 | 7.8 HIGH | N/A |
|
index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed.
|
|||||
| CVE-2005-0836 | 1 Sun | 1 J2se | 2025-04-03 | 10.0 HIGH | N/A |
|
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.
|
|||||
| CVE-2005-3740 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php.
|
|||||
| CVE-2005-0125 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
|
The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.
|
|||||
| CVE-2001-0202 | 1 Informs | 1 Picserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Picserver web server allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTP GET request.
|
|||||
| CVE-2005-1906 | 1 Livingmailing | 1 Livingmailing | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp in livingmailing 1.3 allows remote attackers to execute arbitrary SQL commands via the password. NOTE: there is little public information about this product and its vendor, and the original researcher announcement is no longer available.
|
|||||
| CVE-2005-3867 | 1 Wwwsearchsolutions | 1 Revenuepilot Search Engine Script | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used when performing a search.
|
|||||
| CVE-2005-4202 | 1 Logisphere | 1 Logisphere | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4) "../" sequences in the source parameter to viewsource.jsp, or (5) "..\" (dot dot backslash) sequences in the NS-query-pat parameter to the search URL. URL.
|
|||||
| CVE-2005-2880 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via the (1) login field in login.php or (2) LocationID parameter to week.php.
|
|||||
| CVE-2002-0900 | 1 Mit | 1 Pgp Public Key Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.
|
|||||
| CVE-2006-2279 | 1 Arabless | 1 Saphplesson | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the Find parameter in (a) search.php, and the (2) LID and (3) Rate parameters in (b) misc.php.
|
|||||
| CVE-2002-0294 | 1 Alcatel-lucent | 1 Omnipcx | 2025-04-03 | 2.1 LOW | N/A |
|
Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system.
|
|||||
| CVE-2006-3159 | 1 Sun | 2 Iplanet Messaging Server, One Messaging Server | 2025-04-03 | 2.1 LOW | N/A |
|
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
|
|||||
| CVE-2003-0679 | 1 Sgi | 1 Irix | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in the libcpr library for the Checkpoint/Restart (cpr) system on SGI IRIX 6.5.21f and earlier allows local users to truncate or overwrite certain files.
|
|||||
| CVE-2004-2626 | 1 Siemens | 1 S55 | 2025-04-03 | 3.7 LOW | N/A |
|
GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.
|
|||||
| CVE-2002-0622 | 1 Microsoft | 1 Commerce Server | 2025-04-03 | 7.5 HIGH | N/A |
|
The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
|
|||||