Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2408 | 1 Gordano | 1 Ntmail | 2025-04-03 | 7.5 HIGH | N/A |
|
Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one user on the GMS server.
|
|||||
| CVE-2005-1842 | 1 Adobe | 1 Version Cue | 2025-04-03 | 2.1 LOW | N/A |
|
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack.
|
|||||
| CVE-2002-0231 | 1 Khaled Mardam-bey | 1 Mirc | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname.
|
|||||
| CVE-2002-0917 | 1 Cgiscript.net | 1 Cspassword | 2025-04-03 | 7.5 HIGH | N/A |
|
CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users.
|
|||||
| CVE-2006-3041 | 1 Codewalkers | 1 Ltwcalendar | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement
|
|||||
| CVE-1999-1239 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so.
|
|||||
| CVE-2006-3856 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-03 | 2.1 LOW | N/A |
|
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.
|
|||||
| CVE-2005-4645 | 1 3cfr | 1 3cfr | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter.
|
|||||
| CVE-2002-0398 | 1 Red-m | 1 1050ap Lan Acess Point | 2025-04-03 | 10.0 HIGH | N/A |
|
Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name.
|
|||||
| CVE-1999-0457 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Linux ftpwatch program allows local users to gain root privileges.
|
|||||
| CVE-2002-0553 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.
|
|||||
| CVE-2004-2618 | 1 Pegasi Web Server | 1 Pegasi Web Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash).
|
|||||
| CVE-2004-0771 | 1 Tsugio Okamoto | 1 Lha | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
|
|||||
| CVE-2000-0503 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
|
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.
|
|||||
| CVE-2000-0257 | 1 Novell | 1 Netware | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.
|
|||||
| CVE-2005-1930 | 1 Trend Micro | 1 Serverprotect | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Crystal Report component (rptserver.asp) in Trend Micro ServerProtect Management Console 5.58, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, and possibly earlier versions, allows remote attackers to read arbitrary files via the IMAGE parameter.
|
|||||
| CVE-2006-4014 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts".
|
|||||
| CVE-2000-0978 | 1 Bb4 | 1 Big Brother Network Monitor | 2025-04-03 | 7.5 HIGH | N/A |
|
bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter.
|
|||||
| CVE-2005-3766 | 1 Exponent | 1 Exponent | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files.
|
|||||
| CVE-2002-1509 | 1 Redhat | 1 Linux | 2025-04-03 | 3.6 LOW | N/A |
|
A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.
|
|||||
| CVE-2005-2701 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
|
|||||
| CVE-2006-4051 | 1 Turnkey Web Tools | 1 Php Live Helper | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter.
|
|||||
| CVE-2005-3114 | 1 Nateon | 1 Nateon Messenger | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long third argument to the GotNate.Excute method.
|
|||||
| CVE-2001-0148 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A |
|
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.
|
|||||
| CVE-2002-0533 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.
|
|||||
| CVE-2004-0049 | 1 Realnetworks | 2 Helix Universal Mobile Server, Helix Universal Server | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.
|
|||||
| CVE-2004-0931 | 1 Mysql | 1 Maxdb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function.
|
|||||
| CVE-2001-0414 | 1 Dave Mills | 2 Ntpd, Xntp3 | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
|
|||||
| CVE-2004-1939 | 1 Rhinosoft | 1 Zaep Antispam | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.
|
|||||
| CVE-2002-0681 | 1 Goahead Software | 1 Goahead Webserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.
|
|||||
| CVE-2003-0330 | 1 Ambrosia Software | 1 Maelstrom | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in unknown versions of Maelstrom allows local users to execute arbitrary code via a long -player command line argument.
|
|||||
| CVE-2003-1146 | 1 John Beatty | 1 Easy Php Photo Album | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
|
|||||
| CVE-2004-0286 | 1 Robotftp | 1 Robotftp Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username.
|
|||||
| CVE-2000-0657 | 1 Analogx | 1 Proxy | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long HELO command in the SMTP protocol.
|
|||||
| CVE-2000-0405 | 1 Atstake | 1 Antisniff | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet.
|
|||||
| CVE-2004-0207 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows 98 and 2 more | 2025-04-03 | 2.1 LOW | N/A |
|
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
|
|||||
| CVE-2001-0604 | 1 Lotus | 1 Domino R5 Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters.
|
|||||
| CVE-2002-0380 | 1 Lbl | 1 Tcpdump | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet.
|
|||||
| CVE-2004-1465 | 1 Winzip | 1 Winzip | 2025-04-03 | 3.7 LOW | N/A |
|
Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.
|
|||||
| CVE-2000-1219 | 1 Gnu | 2 G\+\+, Gcc | 2025-04-03 | 7.5 HIGH | N/A |
|
The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.
|
|||||