Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-4721 | 1 The Media Shoppe Berhad | 1 Tmspublisher | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER 3.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| CVE-2005-0876 | 1 Dnsmasq | 1 Dnsmasq | 2025-04-03 | 5.0 MEDIUM | N/A | Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file. |
| CVE-1999-0446 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A | Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS. |
| CVE-2004-2023 | 1 Zen Cart | 1 Zen Cart | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters. |
| CVE-2006-3907 | 1 Siemens | 1 Speedstream Wireless Router | 2025-04-03 | 5.0 MEDIUM | N/A | Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface. |
| CVE-2004-0645 | 2 Abisource, Wvware | 2 Community Abiword, Wvware | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field. |
| CVE-2001-0338 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A | Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." |
| CVE-2006-1093 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 6.4 MEDIUM | N/A | Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. |
| CVE-2000-0915 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.0 MEDIUM | N/A | fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name. |
| CVE-2000-0714 | 1 University Of Massachusetts | 1 Scheme | 2025-04-03 | 7.2 HIGH | N/A | umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable files. |
| CVE-2002-0213 | 2 Sgi, Xinet | 2 Irix, K-ashare | 2025-04-03 | 2.1 LOW | N/A | xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory. |
| CVE-2000-0704 | 3 Freewnn, Omron, Wnn | 3 Freewnn, Worldview, Wnn4 | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands. |
| CVE-2005-2464 | 1 Pcxp Toppe Cms | 1 Pcxp Toppe Cms | 2025-04-03 | 7.5 HIGH | N/A | login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid. |
| CVE-2005-0964 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | 4.6 MEDIUM | N/A | Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions. |
| CVE-2004-1753 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2025-04-03 | 2.6 LOW | N/A | The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. |
| CVE-2002-0359 | 1 Sgi | 1 Irix | 2025-04-03 | 10.0 HIGH | N/A | xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges. |
| CVE-2002-2004 | 1 Compaq | 1 Tru64 | 2025-04-03 | 5.0 MEDIUM | N/A | portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to cause a denial of service via a flood of packets. |
| CVE-2006-3609 | 1 Orbitcoders | 1 Orbitmatrix | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to inject arbitrary web script or HTML via the page_name parameter with an IMG tag containing a javascript URI in the SRC attribute. |
| CVE-1999-1283 | 1 Opera Software | 1 Opera Web Browser | 2025-04-03 | 5.0 MEDIUM | N/A | Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag. |
| CVE-2004-1690 | 1 Rhinosoft | 1 Dns4me | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL. |
| CVE-2002-1556 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR). |
| CVE-2002-2027 | 1 Doow | 1 Doow | 2025-04-03 | 7.5 HIGH | N/A | Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not properly verify user permissions, which allows remote attackers to perform unauthorized activities. |
| CVE-2002-1390 | 1 Geneweb | 1 Geneweb | 2025-04-03 | 5.0 MEDIUM | N/A | The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL. |
| CVE-2004-1120 | 1 Prozilla | 1 Prozilla Download Accelerator | 2025-04-03 | 10.0 HIGH | N/A | Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header. |
| CVE-2005-0409 | 1 Citrusdb | 1 Citrusdb | 2025-04-03 | 6.4 MEDIUM | N/A | CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities. |
| CVE-2006-1607 | 1 Exponent | 1 Exponent Cms | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows "php injection" via unknown attack vectors. |
| CVE-2006-3147 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 6.5 MEDIUM | N/A | Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788. |
| CVE-2005-3381 | 1 Ukranian National Antivirus | 1 Una | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte ... |
| CVE-2002-2219 | 1 Chetcpasswd | 1 Chetcpasswd | 2025-04-03 | 7.5 HIGH | N/A | chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remote attackers to read the last line of the shadow file via a long user (userid) field. |
| CVE-2006-1530 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Seamonkey and 1 more | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. |
| CVE-2000-0179 | 1 Hp | 1 Openview Omniback Ii | 2025-04-03 | 5.0 MEDIUM | N/A | HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555. |
| CVE-2000-0518 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A | Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. |
| CVE-2006-4888 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. |
| CVE-2006-2836 | 1 Pineapple Technologies | 1 Lore | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter. |
| CVE-2001-1349 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 3.7 LOW | N/A | Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers. |
| CVE-2004-2276 | 1 F-secure | 1 F-secure Anti-virus | 2025-04-03 | 2.1 LOW | N/A | F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection. |
| CVE-2004-2392 | 1 Mandrakesoft | 2 Mandrake Linux, Mandrake Linux Corporate Server | 2025-04-03 | 5.0 MEDIUM | N/A | libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs. |
| CVE-2005-2620 | 1 Novell | 1 Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A | grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory. |
| CVE-2002-0936 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A | The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). |
| CVE-2000-0417 | 1 Cayman | 2 3220-h Dsl Router, Gatorsurf | 2025-04-03 | 5.0 MEDIUM | N/A | The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password. |