Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-0171 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A | FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. |
| CVE-2000-0833 | 1 Jack De Winter | 1 Winsmtp | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to cause a denial of service via a long (1) USER or (2) HELO command. |
| CVE-2003-1121 | 1 Scriptlogic | 1 Scriptlogic | 2025-04-03 | 10.0 HIGH | N/A | Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe). |
| CVE-2003-0342 | 1 Selom Ofori | 1 Blackmoon Ftp Server | 2025-04-03 | 4.6 MEDIUM | N/A | BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges. |
| CVE-2005-0962 | 1 Lighthouse Development | 1 Squirrelcart | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action. |
| CVE-2005-1653 | 1 Woppoware | 1 Postmaster | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter. |
| CVE-1999-0577 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 10.0 HIGH | N/A | A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. |
| CVE-2005-0302 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. |
| CVE-2002-0541 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 1580 or port 1581. |
| CVE-2006-2580 | 1 Hp | 1 Openview Network Node Manager | 2025-04-03 | 7.5 HIGH | N/A | Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors. |
| CVE-2001-0627 | 1 Sco | 1 Openserver | 2025-04-03 | 3.7 LOW | N/A | vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack. |
| CVE-2002-1037 | 1 Michael Dean | 1 Double Choco Latte | 2025-04-03 | 5.0 MEDIUM | N/A | Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features. |
| CVE-2005-2595 | 1 Dada Mail | 1 Dada Mail | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages. |
| CVE-2000-0242 | 1 Geocel | 1 Windmail | 2025-04-03 | 5.0 MEDIUM | N/A | WindMail allows remote attackers to read arbitrary files or execute commands via shell metacharacters. |
| CVE-2005-0943 | 1 Cisco | 8 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client, Vpn 3005 Concentrator Software and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet. |
| CVE-2003-0522 | 1 Early Impact | 1 Productcart | 2025-04-03 | 10.0 HIGH | N/A | Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp. |
| CVE-2005-4661 | 1 Campware.org | 1 Campsite | 2025-04-03 | 5.0 MEDIUM | N/A | The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password. |
| CVE-2001-1317 | 1 Teamware | 1 Teamware Office | 2025-04-03 | 7.5 HIGH | N/A | Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite. |
| CVE-2003-0723 | 1 Gkrellm | 1 Gkrellm | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow remote attackers to execute arbitrary code. |
| CVE-2005-4021 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 5.0 MEDIUM | N/A | The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. |
| CVE-2006-4538 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A | Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries. |
| CVE-2005-4506 | 1 Nexus Concepts | 1 Dev Hound | 2025-04-03 | 4.6 MEDIUM | N/A | Nexus Concepts Dev Hound 2.24 and earlier stores username and password information in cleartext in the devhound.tdbd file, which allows local users to gain privileges. |
| CVE-2003-0240 | 1 Axis | 9 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 6 more | 2025-04-03 | 10.0 HIGH | N/A | The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash). |
| CVE-1999-0604 | 1 Selena Sol | 1 Selena Sol Webstore | 2025-04-03 | 5.0 MEDIUM | N/A | An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. |
| CVE-2005-2810 | 1 Urban | 1 Urban | 2025-04-03 | 7.2 HIGH | N/A | Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc. |
| CVE-1999-1567 | 1 Seapine Software | 1 Testtrack | 2025-04-03 | 5.0 MEDIUM | N/A | Seapine Software TestTrack server allows a remote attacker to cause a denial of service (high CPU) via (1) TestTrackWeb.exe and (2) ttcgi.exe by connecting to port 99 and disconnecting without sending any data. |
| CVE-2005-4305 | 1 Edgewall Software | 1 Trac | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page. |
| CVE-2005-3669 | 1 Cisco | 8 Adaptive Security Appliance Software, Firewall Services Module, Ios and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. |
| CVE-2004-1855 | 1 Mythic Entertainment | 1 Dark Age Of Camelot | 2025-04-03 | 5.0 MEDIUM | N/A | Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack. |
| CVE-2004-0063 | 1 Ncipher | 1 Payshield Spp Library | 2025-04-03 | 7.5 HIGH | N/A | The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number. |
| CVE-2001-1080 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A | diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program. |
| CVE-2006-4291 | 1 Phlymail | 1 Phlymail Lite | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter. |
| CVE-1999-1362 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 2.1 LOW | N/A | Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters. |
| CVE-2006-4783 | 1 Webspell | 1 Webspell | 2025-04-03 | 5.1 MEDIUM | N/A | SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter. |
| CVE-2005-3674 | 1 Sun | 1 Solaris | 2025-04-03 | 7.8 HIGH | N/A | The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. |
| CVE-2000-0962 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A | The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service. |
| CVE-2003-0294 | 1 Php-proxima | 1 Php-proxima | 2025-04-03 | 5.0 MEDIUM | N/A | autohtml.php in php-proxima 6.0 and earlier allows remote attackers to read arbitrary files via the name parameter in a modload operation. |
| CVE-2006-3977 | 1 Broadcom | 1 Etrust Antivirus Webscan | 2025-04-03 | 9.3 HIGH | N/A | Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components." |
| CVE-2002-1980 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors. |
| CVE-2006-0977 | 1 Craig Morrison | 1 Mts Pro | 2025-04-03 | 5.0 MEDIUM | N/A | Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server. |