Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-1724 | 2 Debian, Mozilla | 5 Debian Linux, Firefox, Mozilla Suite and 2 more | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML. |
| CVE-2002-1143 | 1 Microsoft | 2 Excel, Word | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure." |
| CVE-1999-1309 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 7.2 HIGH | N/A | Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option. |
| CVE-2002-1160 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A | The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su. |
| CVE-2005-3070 | 1 Hylafax | 1 Hylafax | 2025-04-03 | 3.6 LOW | N/A | HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file. |
| CVE-2004-1255 | 1 2fax | 1 2fax | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the expandtabs function in 2fax 3.04 allows remote attackers to execute arbitrary code via a text file that is converted to TIFF. |
| CVE-2005-0845 | 1 Netwin | 1 Surgemail | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter. |
| CVE-1999-0969 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork. |
| CVE-2006-0036 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.8 HIGH | N/A | ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows remote attackers to cause a denial of service (memory corruption or crash) via an inbound PPTP_IN_CALL_REQUEST packet that causes a null pointer to be used in an offset calculation. |
| CVE-2005-1078 | 1 Xampp | 1 Apache Distribution | 2025-04-03 | 7.5 HIGH | N/A | XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges. |
| CVE-2002-0084 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument. |
| CVE-2005-2798 | 1 Openbsd | 1 Openssh | 2025-04-03 | 5.0 MEDIUM | N/A | sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. |
| CVE-2002-0257 | 2 Apache, Usanet Creations | 2 Http Server, Makebid Auction Deluxe | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. |
| CVE-2006-4480 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-03 | 4.3 MEDIUM | N/A | Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element. |
| CVE-2006-3880 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of t ... |
| CVE-2002-1601 | 1 Adobe | 1 Photodeluxe | 2025-04-03 | 5.1 MEDIUM | N/A | The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail message or a web page. |
| CVE-2000-0343 | 1 Brecht Claerhout | 1 Sniffit | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header. |
| CVE-2002-0409 | 1 Microsoft | 1 .net Framework | 2025-04-03 | 5.0 MEDIUM | N/A | orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter. |
| CVE-2005-3311 | 1 Bmc | 1 Software Control-m Agent | 2025-04-03 | 2.1 LOW | N/A | BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2006-2652 | 1 Wikini | 1 Wikini | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script. |
| CVE-2006-2668 | 1 Docebolms | 1 Docebolms | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php. |
| CVE-2002-0756 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies. |
| CVE-2006-2288 | 1 Avahi | 1 Avahi | 2025-04-03 | 3.6 LOW | N/A | Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts. |
| CVE-1999-1415 | 1 Digital | 1 Ultrix | 2025-04-03 | 4.6 MEDIUM | N/A | Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges. |
| CVE-1999-1006 | 1 Novell | 1 Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A | Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter. |
| CVE-2002-1387 | 1 Ehud Gavron | 1 Tracesroute | 2025-04-03 | 4.6 MEDIUM | N/A | The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument. |
| CVE-2001-1104 | 1 Sonicwall | 2 Soho, Soho Firmware | 2025-04-03 | 7.5 HIGH | N/A | SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. |
| CVE-1999-0638 | | | 2025-04-03 | N/A | N/A | The daytime service is running. |
| CVE-1999-0406 | 1 Digital | 1 Unix | 2025-04-03 | 7.2 HIGH | N/A | Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege. |
| CVE-2006-2584 | 1 Skyebox | 1 Skyebox | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it was likely prompted by a vague announcement from a researcher who incorrectly referred to the product as "SkyeShoutbox." |
| CVE-2004-2538 | 1 Nilesh Dosooye | 1 Phpcodegenie | 2025-04-03 | 6.5 MEDIUM | N/A | Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer. |
| CVE-2002-0191 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability. |
| CVE-2004-0515 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A | Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files." |
| CVE-2005-3961 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 5.0 MEDIUM | N/A | export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. |
| CVE-2000-1037 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 7.5 HIGH | N/A | Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack. |
| CVE-2001-0380 | 1 Crosscom Olicom | 1 Xlt-f | 2025-04-03 | 6.4 MEDIUM | N/A | Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'. |
| CVE-2002-0688 | 1 Zope | 1 Zope | 2025-04-03 | 7.5 HIGH | N/A | ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes. |
| CVE-2001-0449 | 1 Winzip | 1 Winzip | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option. |
| CVE-2006-0418 | 1 Topcmm Computing | 1 123 Flash Chat Server | 2025-04-03 | 7.5 HIGH | N/A | Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username. |
| CVE-2006-1084 | 1 Php-stats | 1 Php-stats | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php. |