Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2181 | 1 Sonicwall | 1 Content Filtering | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name.
|
|||||
| CVE-2000-0463 | 1 Be | 1 Beos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets.
|
|||||
| CVE-2006-2556 | 1 Florian Amrhein | 1 Newsportal | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2002-0921 | 1 Cgiscript.net | 1 Csnews | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pathname and other configuration settings, via the viewnews command with an invalid database, which leaks the information in error messages.
|
|||||
| CVE-2000-0993 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
|
|||||
| CVE-2005-4590 | 1 Spb | 1 Kiosk Engine | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) removable media containing a program that will execute because of the autorun setting and (2) applications that are able to invoke other applications, as demonstrated by a file: URL specifying a .exe file.
|
|||||
| CVE-2003-0706 | 1 Nicolas Boullis | 1 Mah-jong | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote attackers to cause a denial of service (tight loop).
|
|||||
| CVE-2003-0640 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 10.0 HIGH | N/A |
|
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
|
|||||
| CVE-2005-2141 | 1 Jollybox.de | 1 Tcp Chat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the chat service, possibly triggering a buffer overflow.
|
|||||
| CVE-2003-0077 | 1 Hanterm | 1 Hanterm-xf | 2025-04-03 | 7.5 HIGH | N/A |
|
The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
|
|||||
| CVE-2005-1720 | 1 Apple | 1 Afp Server | 2025-04-03 | 2.1 LOW | N/A |
|
AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL.
|
|||||
| CVE-1999-1004 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.
|
|||||
| CVE-2005-3939 | 1 Wsn Knowledge Base | 1 Wsn Knowledge Base | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php.
|
|||||
| CVE-2005-0648 | 1 Pixel-apes Group | 1 Safehtml | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol."
|
|||||
| CVE-2004-0227 | 1 Triornis | 1 Zoneminder | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.
|
|||||
| CVE-2006-0460 | 1 Bomberclone | 1 Bomberclone | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages.
|
|||||
| CVE-2001-1446 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
|
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
|
|||||
| CVE-2005-3108 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist.
|
|||||
| CVE-2006-1777 | 1 Simplog | 1 Simplog | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
|
|||||
| CVE-2006-0415 | 1 Sleeperchat | 1 Sleeperchat | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter.
|
|||||
| CVE-2005-1322 | 1 Horde | 1 Nag | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
|
|||||
| CVE-1999-0075 | 1 Washington University | 1 Wu-ftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.
|
|||||
| CVE-2006-3358 | 1 Newsphp | 1 Newsphp | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of these vectors are resultant from an SQL injection issue.
|
|||||
| CVE-2005-3821 | 1 Vtiger | 1 Vtiger Crm | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name.
|
|||||
| CVE-2005-0224 | 1 Hp | 1 Virtualvault | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic.
|
|||||
| CVE-2005-0788 | 1 Limewire | 1 Limewire | 2025-04-03 | 5.0 MEDIUM | N/A |
|
LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request.
|
|||||
| CVE-2004-2233 | 1 Moodle | 1 Moodle | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors.
|
|||||
| CVE-2006-3284 | 1 Datetopia | 1 Dating Agent Pro | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.
|
|||||
| CVE-2005-1665 | 1 Microsoft | 1 Asp.net | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.
|
|||||
| CVE-2006-0774 | 1 Lawrence Osiris | 1 Db Esession | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID.
|
|||||
| CVE-2004-1473 | 1 Symantec | 12 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r and 9 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53.
|
|||||
| CVE-1999-0860 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.
|
|||||
| CVE-2003-1281 | 1 Eekim | 1 Cgihtml | 2025-04-03 | 2.1 LOW | N/A |
|
cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files.
|
|||||
| CVE-2006-3767 | 1 Darrens 5-dollar Script Archive | 1 Osdate | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file in txtcomment parameter, which is used when posting a comment.
|
|||||
| CVE-2004-2401 | 1 Ipswitch | 1 Imail Express | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text."
|
|||||
| CVE-2000-1104 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
|
|||||
| CVE-2004-1228 | 1 Sugarcrm | 1 Sugar Sales | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.
|
|||||
| CVE-2005-3887 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 5.4 MEDIUM | N/A |
|
Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:".
|
|||||
| CVE-2000-0721 | 1 Multisoft | 1 Flagship | 2025-04-03 | 6.2 MEDIUM | N/A |
|
The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses.
|
|||||
| CVE-2006-1822 | 1 Farsinews | 1 Farsinews | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter.
|
|||||