Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-2166 | 1 Frozenplague.net | 1 Plague News System | 2025-04-03 | 5.0 MEDIUM | N/A | SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2003-1143 | 1 Croteam | 1 Serioussam | 2025-04-03 | 7.5 HIGH | N/A | Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter. |
| CVE-2002-1521 | 1 Mdg Computer Services | 1 Web Server 4d | 2025-04-03 | 2.1 LOW | N/A | Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges. |
| CVE-2001-1457 | 1 Nobreak Technologies | 1 Crazywwwboard | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable. |
| CVE-2006-1178 | 1 Tamarack Consulting | 1 Tamarack Mmsd | 2025-04-03 | 5.0 MEDIUM | N/A | Tamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets. |
| CVE-2006-2079 | 1 Verosky Media | 1 Instant Photo Gallery | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky Media Instant Photo Gallery, possibly before 1.0.2, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. |
| CVE-2005-4324 | 1 Hitachi | 1 Groupmax Mail Smtp | 2025-04-03 | 7.8 HIGH | N/A | Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format." |
| CVE-2002-0888 | 1 3com | 1 3cp4144 | 2025-04-03 | 7.5 HIGH | N/A | 3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired port, which is allowed by the router. |
| CVE-2003-1200 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi. |
| CVE-2001-1322 | 1 Xinetd | 1 Xinetd | 2025-04-03 | 3.6 LOW | N/A | xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask. |
| CVE-2004-2274 | 1 W3c | 1 Jigsaw | 2025-04-03 | 6.4 MEDIUM | N/A | Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI. |
| CVE-2005-1338 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A | Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext. |
| CVE-1999-0432 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A | ftp on HP-UX 11.00 allows local users to gain privileges. |
| CVE-2003-0266 | 1 Bvrp Software | 1 Slwebmail | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in SLWebMail 3 on Windows systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll. |
| CVE-2003-1174 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 2.1 LOW | N/A | Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL. |
| CVE-2003-0882 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A | Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet. |
| CVE-2006-1281 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 3.5 LOW | N/A | Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. |
| CVE-2004-1074 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-03 | 2.1 LOW | N/A | The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary. |
| CVE-2006-1943 | 1 Smarter Scripts | 1 Intellilink Pro | 2025-04-03 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi. |
| CVE-2003-0750 | 1 Py-membres | 1 Py-membres | 2025-04-03 | 7.5 HIGH | N/A | secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter. |
| CVE-2005-0925 | 1 Uapplication | 1 Ublog Reload | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2002-2337 | 1 Kaspersky Lab | 1 Kaspersky Anti-hacker | 2025-04-03 | 5.0 MEDIUM | N/A | Kaspersky Anti-Hacker 1.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. |
| CVE-1999-1464 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A | Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564. |
| CVE-2000-1095 | 5 Conectiva, Immunix, Mandrakesoft and 2 more | 5 Linux, Immunix, Mandrake Linux and 2 more | 2025-04-03 | 7.2 HIGH | N/A | modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters. |
| CVE-2005-2086 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. |
| CVE-1999-1533 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 7.5 HIGH | N/A | Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause a denial of service (hang) via a long password argument to the login.htm file in its HTTP service. |
| CVE-2006-1619 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A | IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header. |
| CVE-2001-0168 | 1 Att | 1 Winvnc | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0. |
| CVE-2006-3108 | 1 Emailarchitect | 1 Email Server | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in EmailArchitect Email Server 6.1 allows remote attackers to inject arbitrary Javascript via an HTML div tag with a carriage return between the onmouseover attribute and its value, which bypasses the mail filter. |
| CVE-2006-1520 | 1 Libspf | 1 Libspf | 2025-04-03 | 6.4 MEDIUM | N/A | Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address. |
| CVE-2006-4742 | 1 Idevspot | 1 Phplinkexchange | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2000-1016 | 1 Suse | 1 Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A | The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL. |
| CVE-2003-0386 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.5 HIGH | N/A | OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. |
| CVE-2000-1119 | 1 Ibm | 1 Aix | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument. |
| CVE-2005-4376 | 1 Box Uk | 1 Amaxus | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrary files via ".." sequences in the change parameter. |
| CVE-2000-0465 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A | Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability. |
| CVE-2004-2011 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A | msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI. |
| CVE-2003-1010 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A | Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors. |
| CVE-2005-4148 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | 5.0 MEDIUM | N/A | Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error message page. |
| CVE-2005-3061 | 1 Powerarchiver | 4 Powerarchiver 2002, Powerarchiver 2003, Powerarchiver 2004 and 1 more | 2025-04-03 | 7.5 HIGH | N/A | Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive. |