Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1010 | 2 Openbsd, Redhat | 2 Openbsd, Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.
|
|||||
| CVE-2006-4764 | 1 Wtools | 1 Wtools | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
|
|||||
| CVE-2005-3903 | 1 Sco | 1 Unixware | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows local users to execute arbitrary code via a -S (scheme) argument that specifies a large file, a different vulnerability than CVE-2001-1063.
|
|||||
| CVE-2000-0652 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.
|
|||||
| CVE-2003-0075 | 1 Bladeenc | 1 Bladeenc | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.
|
|||||
| CVE-2005-2786 | 1 Cosmoshop | 1 Cosmoshop | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter.
|
|||||
| CVE-2006-0838 | 1 Micromuse | 1 Netcool Neusecure | 2025-04-03 | 2.1 LOW | N/A |
|
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.
|
|||||
| CVE-2006-1100 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data.
|
|||||
| CVE-2003-0945 | 1 Sap | 1 Sap Db | 2025-04-03 | 7.5 HIGH | N/A |
|
The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities.
|
|||||
| CVE-2005-2296 | 1 Yabb | 1 Yabb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path.
|
|||||
| CVE-2005-3922 | 1 Panda | 19 Panda Activescan, Panda Antivirus, Panda Antivirus Platinum and 16 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.
|
|||||
| CVE-1999-0589 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
A system-critical Windows NT registry key has inappropriate permissions.
|
|||||
| CVE-2000-0610 | 1 Netwin | 2 Cwmail, Dmailweb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return.
|
|||||
| CVE-2003-0263 | 1 Floosietek | 1 Ftgatepro | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands.
|
|||||
| CVE-2005-4547 | 1 Epic Designs | 1 Eggblog | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the q parameter, as used by the Keyword and Search fields.
|
|||||
| CVE-2000-0464 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.6 HIGH | N/A |
|
Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.
|
|||||
| CVE-2000-0438 | 4 Caldera, Slackware, Suse and 1 more | 4 Openlinux, Slackware Linux, Suse Linux and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.
|
|||||
| CVE-2006-0137 | 1 Phanatic Softwares | 1 Chimera Web Portal | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2006-4464 | 1 Nokia | 1 Symbian | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string.
|
|||||
| CVE-2006-1504 | 1 Arab Portal | 1 Arab Portal | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php.
|
|||||
| CVE-2004-0927 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.
|
|||||
| CVE-1999-0963 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
|
FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.
|
|||||
| CVE-2004-1891 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged.
|
|||||
| CVE-2006-1122 | 1 D2ksoft | 1 D2kblog | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
|
|||||
| CVE-2005-2623 | 1 Ecw-shop | 1 Ecw-shop | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost.
|
|||||
| CVE-2002-0111 | 1 Funsoft | 1 Dinos Webserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL.
|
|||||
| CVE-1999-0733 | 1 Vmware | 1 Workstation | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.
|
|||||
| CVE-1999-0268 | 1 Metainfo | 1 Metaweb | 2025-04-03 | 10.0 HIGH | N/A |
|
MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.
|
|||||
| CVE-2006-3280 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."
|
|||||
| CVE-2004-0616 | 1 Bt | 1 Voyager 2000 Wireless Adsl Router | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The BT Voyager 2000 Wireless ADSL Router has a default public SNMP community name, which allows remote attackers to obtain sensitive information such as the password, which is stored in plaintext.
|
|||||
| CVE-2001-1552 | 1 Microsoft | 1 Windows Me | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.
|
|||||
| CVE-2005-1519 | 1 Squid | 1 Squid | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
|
|||||
| CVE-2005-4314 | 1 Ppcal Shopping Cart | 1 Ppcal Shopping Cart | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters.
|
|||||
| CVE-2005-1499 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 7.5 HIGH | N/A |
|
delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter.
|
|||||
| CVE-2006-0387 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
|
|||||
| CVE-2004-2412 | 1 Virtual Programming | 1 Vp-asp | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.
|
|||||
| CVE-2004-1638 | 1 Tabs Laboratories | 1 Mailcarrier | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command.
|
|||||
| CVE-2001-0230 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges.
|
|||||
| CVE-2001-0902 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.
|
|||||
| CVE-2001-0648 | 1 Phprojekt | 1 Phprojekt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module.
|
|||||