Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-3413 | 1 Eyeos Project | 1 Eyeos | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the motd parameter. |
| CVE-2005-1676 | 1 Groove | 2 Groove Workspace, Virtual Office | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded within SharePoint lists or (2) drop-down menus in a SharePoint list. |
| CVE-2000-1022 | 1 Cisco | 1 Pix Firewall Software | 2025-04-03 | 7.5 HIGH | N/A | The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands. |
| CVE-2004-0512 | 1 Sco | 1 Openserver | 2025-04-03 | 2.1 LOW | N/A | Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a core dump. |
| CVE-2006-3137 | 1 Cutting Edge Computing | 1 Edge Ecommerce Shop | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter. |
| CVE-2006-2038 | 1 Amplecom | 1 Ampleshop | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm. |
| CVE-2006-0177 | 1 Cray | 1 Unicos | 2025-04-03 | 7.2 HIGH | N/A | Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line. |
| CVE-2004-0830 | 1 F-secure | 3 F-secure Anti-virus, F-secure Content Scanner Server, Internet Gatekeeper | 2025-04-03 | 5.0 MEDIUM | N/A | The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange 6.21 and earlier, F-Secure Anti-Virus for Microsoft Exchange 6.01 and earlier, and F-Secure Internet Gatekeeper 6.32 and earlier allows remote attackers to cause a denial of service (service crash due to unhandled exception) via a certain malformed packet. |
| CVE-1999-1520 | 1 Microsoft | 1 Site Server | 2025-04-03 | 5.0 MEDIUM | N/A | A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information. |
| CVE-2006-0400 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A | CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." |
| CVE-1999-0083 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A | getcwd() file descriptor leak in FTP. |
| CVE-2005-3940 | 1 Greywyvern | 1 Orca Ringmaker | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. |
| CVE-2002-0248 | 1 Wliang | 1 Wmtv | 2025-04-03 | 7.2 HIGH | N/A | wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file. |
| CVE-2006-1794 | 1 Mambo | 1 Mambo | 2025-04-03 | 7.6 HIGH | N/A | SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). |
| CVE-2006-2970 | 1 L0j1k | 1 Tinymuw | 2025-04-03 | 5.0 MEDIUM | N/A | videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain sensitive information via a certain id parameter, probably with an invalid value, which reveals the path in an error message. |
| CVE-2001-1095 | 1 Ibm | 1 Aix | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter. |
| CVE-2002-1863 | 1 Iomega | 1 Network Attached Storage | 2025-04-03 | 4.6 MEDIUM | N/A | Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be disabled, which allows local users to access home directories via FTP even when access to all shared directories has been disabled. |
| CVE-2004-2104 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A | Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm. |
| CVE-2005-0562 | 1 Microsoft | 1 Msn Messenger | 2025-04-03 | 7.5 HIGH | N/A | GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width. |
| CVE-1999-1393 | 1 Apple | 1 Macos | 2025-04-03 | 4.6 MEDIUM | N/A | Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible. |
| CVE-2004-1188 | 3 Mandrakesoft, Mplayer, Xine | 4 Mandrake Linux, Mplayer, Xine and 1 more | 2025-04-03 | 10.0 HIGH | N/A | The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187. |
| CVE-2002-0451 | 1 Phpprojekt | 1 Phpprojekt | 2025-04-03 | 7.5 HIGH | N/A | filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter. |
| CVE-2002-1192 | 2 Netbsd, Rogue | 2 Netbsd, Rogue | 2025-04-03 | 4.6 MEDIUM | N/A | Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allow local users to gain "games" group privileges via malformed entries in a game save file. |
| CVE-2003-0156 | 1 Cross Referencer | 1 Lxr | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter. |
| CVE-2001-0739 | 1 Engardelinux | 1 Secure Linux | 2025-04-03 | 7.2 HIGH | N/A | Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges. |
| CVE-2004-0510 | 1 Sco | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A | Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to execute arbitrary code, as demonstrated via the execmail program. |
| CVE-2004-1688 | 1 Tech-noel | 1 Pigeon Server | 2025-04-03 | 5.0 MEDIUM | N/A | Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103. |
| CVE-2004-1731 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A | signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address. |
| CVE-1999-1067 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A | SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. |
| CVE-2004-1806 | 1 Dogpatch Software | 1 Cfwebstore | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) category_id, (2) product_id, or (3) feature_id parameters. |
| CVE-2004-0609 | 1 Rssh | 1 Rssh | 2025-04-03 | 5.0 MEDIUM | N/A | rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail. |
| CVE-2001-1454 | 1 Oracle | 1 Mysql | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request. |
| CVE-2006-4983 | 1 Cisco | 1 Network Access Control | 2025-04-03 | 7.5 HIGH | N/A | Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols. |
| CVE-2005-2549 | 1 Gnome | 1 Evolution | 2025-04-03 | 7.5 HIGH | N/A | Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. |
| CVE-2004-1648 | 1 Web Animations | 1 Password Protect | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, and (4) users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter. |
| CVE-2004-2667 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| CVE-2004-0798 | 1 Progress | 1 Whatsup Gold | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter. |
| CVE-2006-0522 | 1 Symantec | 1 Sygate Management Server | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL. |
| CVE-2003-1126 | 1 Sun | 1 One Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service. |
| CVE-2004-1217 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 5.0 MEDIUM | N/A | Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter to (1) Statsbrowse.asp or (2) Generalbrowse.asp. |