Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3688 | 1 Xmb Forum | 1 Xmb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Your Current Mood" field in the registration page.
|
|||||
| CVE-2005-1976 | 1 Novell | 1 Netmail | 2025-04-03 | 1.7 LOW | N/A |
|
Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files.
|
|||||
| CVE-2004-1898 | 1 Tildeslash | 1 Monit | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.
|
|||||
| CVE-2006-0253 | 1 Ambicom | 1 Blue Neighbors | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in the Bluetooth OBEX Object Push service in "Blue Neighbors.EXE" in AmbiCom Blue Neighbors 2.50 Build 2500 and earlier allows remote attackers to execute arbitrary code via a long file name, as demonstrated via a long RFILE argument to ussp-push.
|
|||||
| CVE-2004-0800 | 2 Avaya, Sun | 4 Call Management System Server, Dtmail, Solaris and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.
|
|||||
| CVE-2006-1506 | 1 Sun | 2 Grid Engine, N1 Grid Engine | 2025-04-03 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges.
|
|||||
| CVE-2005-0098 | 1 Abuse | 1 Abuse-sdl | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before 2.00 allow local users to execute arbitrary code via the command line.
|
|||||
| CVE-2002-0702 | 1 Isc | 1 Dhcpd | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.
|
|||||
| CVE-2006-3723 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.8 with Enforcer Portal Pack Bundle #10 and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE02.
|
|||||
| CVE-2000-0287 | 1 Cnc | 1 Technology Bizdb | 2025-04-03 | 10.0 HIGH | N/A |
|
The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter.
|
|||||
| CVE-2004-1708 | 1 Shawn Webb | 1 Webbsyte Chat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections.
|
|||||
| CVE-2006-2637 | 1 Tuttophp | 3 Morris Guestbook, Pretty Guestbook, Smile Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter.
|
|||||
| CVE-2003-0453 | 1 Ehud Gavron | 1 Traceroute-nanog | 2025-04-03 | 10.0 HIGH | N/A |
|
traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow.
|
|||||
| CVE-2002-1420 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 7.2 HIGH | N/A |
|
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.
|
|||||
| CVE-2005-3890 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 7.8 HIGH | N/A |
|
Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs.
|
|||||
| CVE-2004-1914 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter.
|
|||||
| CVE-2006-1034 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The second vector might not be XSS.
|
|||||
| CVE-2002-1393 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.
|
|||||
| CVE-2005-0014 | 1 Ncpfs | 1 Ncpfs | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client.
|
|||||
| CVE-2006-2882 | 1 Aspscriptz | 1 Aspscriptz Guest Book | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form fields.
|
|||||
| CVE-2003-0549 | 2 Gnome, Redhat | 4 Gdm, Enterprise Linux, Kdebase and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
|
|||||
| CVE-1999-0364 | 2 Fms Inc., Microsoft | 2 Total Vb Sourcebook, Access | 2025-04-03 | 10.0 HIGH | N/A |
|
Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.
|
|||||
| CVE-2002-2101 | 1 Microsoft | 1 Outlook | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
|
|||||
| CVE-2004-1607 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message.
|
|||||
| CVE-2000-0135 | 1 Atretail | 1 Atretail | 2025-04-03 | 7.5 HIGH | N/A |
|
The @Retail shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
|
|||||
| CVE-2006-3599 | 1 Php-nuke | 1 Advanced Classified Module | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op.
|
|||||
| CVE-2006-3718 | 1 Oracle | 1 Exchange | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17.
|
|||||
| CVE-2005-3515 | 1 Chipmunk Scripts | 1 Chipmunk Topsites | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
|
|||||
| CVE-1999-0948 | 3 Sgi, Sun, Turbolinux | 4 Irix, Solaris, Sunos and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in uum program for Canna input system allows local users to gain root privileges.
|
|||||
| CVE-2004-2160 | 1 Xmlstarlet | 1 Command Line Xml Toolkit | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code.
|
|||||
| CVE-2002-0842 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror().
|
|||||
| CVE-2005-4859 | 1 Chitta | 1 Mimicboard | 2025-04-03 | 6.4 MEDIUM | N/A |
|
mimicboard2 (Mimic2) 086 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mimic2.dat.
|
|||||
| CVE-2004-1130 | 1 Youngzsoft | 1 Cmailserver | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.
|
|||||
| CVE-2006-3125 | 1 Gtetrinet | 1 Gtetrinet | 2025-04-03 | 7.5 HIGH | N/A |
|
Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows remote attackers to execute arbitrary code via a packet specifying a negative number of players, which is used as an array index.
|
|||||
| CVE-2006-1449 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment.
|
|||||
| CVE-2001-1035 | 1 Slrn Development Team | 1 Slrn | 2025-04-03 | 7.5 HIGH | N/A |
|
Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post.
|
|||||
| CVE-2006-1974 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.
|
|||||
| CVE-2005-1843 | 1 Adobe | 1 Version Cue | 2025-04-03 | 4.6 MEDIUM | N/A |
|
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument.
|
|||||
| CVE-2005-2853 | 1 Guppy | 1 Guppy | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pg parameter to printfaq.php, or the (2) Referer or (3) User-Agent HTTP headers, which are not properly handled by error.php.
|
|||||
| CVE-2005-1850 | 1 Ekg | 1 Ekg | 2025-04-03 | 10.0 HIGH | N/A |
|
Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916.
|
|||||