Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1000 | 1 Analogx | 1 Simpleserver Shout | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001.
|
|||||
| CVE-2005-3219 | 1 Avira | 1 Antivir Personal | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple interpretation error in unspecified versions of Avira Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
|
|||||
| CVE-2004-2511 | 1 Codeworx Technologies | 1 Dcp-portal | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
|
|||||
| CVE-2004-0985 | 1 Microsoft | 1 Ie | 2025-04-03 | 10.0 HIGH | N/A |
|
Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.
|
|||||
| CVE-2004-0628 | 1 Mysql | 1 Mysql | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.
|
|||||
| CVE-2004-2199 | 1 Duware | 1 Duclassified | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.
|
|||||
| CVE-1999-0296 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Solaris volrmmount program allows attackers to read any file.
|
|||||
| CVE-1999-0367 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A |
|
NetBSD netstat command allows local users to access kernel memory.
|
|||||
| CVE-2006-0173 | 1 Hummingbird | 1 Enterprise Collaboration | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpected content.
|
|||||
| CVE-2002-0445 | 1 Php Firstpost | 1 Php Firstpost | 2025-04-03 | 5.0 MEDIUM | N/A |
|
article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message.
|
|||||
| CVE-2004-1244 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A |
|
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."
|
|||||
| CVE-2005-0576 | 1 Sun | 1 Solaris | 2025-04-03 | 3.6 LOW | N/A |
|
Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.
|
|||||
| CVE-2006-2865 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod
|
|||||
| CVE-2004-0764 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 10.0 HIGH | N/A |
|
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
|
|||||
| CVE-2001-0911 | 2 Francisco Burzi, Postnuke Software Foundation | 2 Php-nuke, Postnuke | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.
|
|||||
| CVE-2002-0675 | 1 Pingtel | 1 Xpressa | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone.
|
|||||
| CVE-2005-2676 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.
|
|||||
| CVE-2006-0563 | 1 Pluggedout | 1 Pluggedout Blog | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action.
|
|||||
| CVE-2005-2403 | 1 Realchat | 1 Realchat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The login protocol in RealChat 3.5.1b does not use authentication, which allows remote attackers to log on as other users by sniffing the beginning of a chat session and replaying it via a modified username.
|
|||||
| CVE-2001-1400 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
|
|||||
| CVE-2005-1472 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
|
Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories.
|
|||||
| CVE-1999-0639 | 2025-04-03 | N/A | N/A | ||
|
The chargen service is running.
|
|||||
| CVE-2005-0481 | 1 Trackercam | 1 Trackercam | 2025-04-03 | 5.0 MEDIUM | N/A |
|
TrackerCam 5.12 and earlier allows remote attackers to read log files via the fn parameter in a direct request to the ComGetLogFile.php3 script.
|
|||||
| CVE-2001-0415 | 1 Redi | 1 Rediplus | 2025-04-03 | 4.6 MEDIUM | N/A |
|
REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts.
|
|||||
| CVE-2006-4720 | 1 Mcgallery | 1 Mcgallery Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
|
|||||
| CVE-2004-0557 | 4 Conectiva, Gentoo, Redhat and 1 more | 6 Linux, Linux, Enterprise Linux and 3 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
|
|||||
| CVE-2004-2614 | 1 Xuebrothers | 1 Myweb | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
|
|||||
| CVE-1999-0129 | 7 Bsdi, Eric Allman, Freebsd and 4 more | 9 Bsd Os, Sendmail, Freebsd and 6 more | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
|
|||||
| CVE-2003-0866 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
|
|||||
| CVE-1999-0160 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.
|
|||||
| CVE-1999-0355 | 1 Broadcom | 1 Controlit | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service.
|
|||||
| CVE-2005-0817 | 1 Symantec | 4 Enterprise Firewall, Gateway Security 5300, Gateway Security 5400 and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites.
|
|||||
| CVE-2001-0422 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
|
|||||
| CVE-2006-4385 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image.
|
|||||
| CVE-2005-3487 | 1 Scorched 3d | 1 Scorched 3d | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long command that is not properly handled in ComsMessageHandler.cpp when generating an error message, (5) a long UniqueID value in Logger.cpp, and possibly other unspecified vectors.
|
|||||
| CVE-2001-0846 | 1 Lotus | 1 Domino | 2025-04-03 | 10.0 HIGH | N/A |
|
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
|
|||||
| CVE-2006-1803 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.
|
|||||
| CVE-2005-4370 | 1 Acidcat | 1 Acidcat | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter to default.asp.
|
|||||
| CVE-1999-0480 | 1 Midnight Commander | 1 Midnight Commander | 2025-04-03 | 2.1 LOW | N/A |
|
Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack.
|
|||||
| CVE-2006-0620 | 1 Qnx | 1 Rtos | 2025-04-03 | 6.2 MEDIUM | N/A |
|
Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users to execute arbitrary code via unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables.
|
|||||