Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1373 | 1 Fore | 1 Powerhub Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
FORE PowerHub before 5.0.1 allows remote attackers to cause a denial of service (hang) via a TCP SYN scan with TCP/IP OS fingerprinting, e.g. via nmap.
|
|||||
| CVE-2001-0602 | 1 Lotus | 1 Domino R5 Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices.
|
|||||
| CVE-2005-0801 | 1 Includer.cgi | 1 Includer.cgi | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in includer.cgi in The Includer allows remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) a full pathname in the URL.
|
|||||
| CVE-2006-0889 | 1 Brown Bear Software | 1 Calcium | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-4318 | 1 Texas Imperial Software | 1 Wftpd | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
|
|||||
| CVE-2000-0606 | 3 Debian, Mandrakesoft, Redhat | 3 Debian Linux, Mandrake Linux, Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
|
|||||
| CVE-2006-3812 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
|
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.
|
|||||
| CVE-2001-0502 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.
|
|||||
| CVE-2005-4680 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned.
|
|||||
| CVE-2002-1733 | 1 Prospero Technologies | 1 Prospero Message Board | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the web-based message board in Prospero Technologies allows remote attackers to inject arbitrary web script or HTML via a message board post.
|
|||||
| CVE-2001-0448 | 1 Software602 | 1 602pro Lan Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET HTTP request to the aux directory, and possibly other directories with legacy DOS device names.
|
|||||
| CVE-2001-1079 | 1 Ibm | 1 Aix | 2025-04-03 | 3.6 LOW | N/A |
|
create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service.
|
|||||
| CVE-2001-1048 | 1 Topher1kenobe | 1 Awol | 2025-04-03 | 7.5 HIGH | N/A |
|
AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
|
|||||
| CVE-2001-0452 | 1 Brs | 1 Webweaver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
|
|||||
| CVE-2002-0466 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.
|
|||||
| CVE-2006-4705 | 1 Dominic Gamble | 1 Timesheet.php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2004-2189 | 1 Dmxready | 1 Dmxready Site Chassis Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2001-1190 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.
|
|||||
| CVE-2005-0572 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message.
|
|||||
| CVE-2002-0751 | 1 Cgiscript.net | 1 Csmailto | 2025-04-03 | 7.5 HIGH | N/A |
|
CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters.
|
|||||
| CVE-2005-4643 | 1 Antharia | 1 Oncontent Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Antharia OnContent // CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it is not clear, but this might be an application service provider, in which case it might be excluded from CVE.
|
|||||
| CVE-2003-0107 | 1 Zlib | 1 Zlib | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
|
|||||
| CVE-2001-1142 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.
|
|||||
| CVE-2004-0762 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
|
|||||
| CVE-2004-0045 | 1 Isc | 1 Inn | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
|
|||||
| CVE-2006-0455 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 4.6 MEDIUM | N/A |
|
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
|
|||||
| CVE-2004-1165 | 1 Kde | 2 Kdelibs, Konqueror | 2025-04-03 | 7.5 HIGH | N/A |
|
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
|
|||||
| CVE-2004-2593 | 1 Id Software | 1 Quake Ii Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.
|
|||||
| CVE-2005-2304 | 1 Microsoft | 2 Internet Explorer, Live Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count.
|
|||||
| CVE-2006-3933 | 1 Alkacon | 1 Opencms | 2025-04-03 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.
|
|||||
| CVE-2006-4984 | 1 Grayscale | 1 Bandsite Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter in (1) adminpanel/includes/mailinglist/mlist_xls.php and (2) adminpanel/includes/add_forms/addmp3.php. NOTE: the other vectors from the original disclosure are already covered by CVE-2006-3193.
|
|||||
| CVE-2002-1458 | 1 Leszek Krupinski | 1 L-forum | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body.
|
|||||
| CVE-2006-2712 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Secure Elements Class 5 AVR (aka C5 EVM) client and server before 2.8.1 do not verify the integrity of a message digest, which allows remote attackers to modify and replay messages.
|
|||||
| CVE-2005-4141 | 1 Aspmforum | 1 Aspmforum | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf parameter in kullanicilistesi.asp and (2) baslik parameter in forum.asp.
|
|||||
| CVE-2006-4445 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion
|
|||||
| CVE-2002-1121 | 4 Gfi, Network Associates, Roaring Penguin and 1 more | 5 Mailsecurity, Webshield Smtp, Canit and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial ...
Show More |
|||||
| CVE-2006-3109 | 1 Cisco | 1 Call Manager | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
|
|||||
| CVE-2005-2872 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force, which leads to memset calls using a length based on the u_int32_t type, acting on an array of unsigned long elements, a different vulnerability than CVE-2005-2873.
|
|||||
| CVE-2004-0070 | 1 Visualshapers | 1 Ezcontents | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.
|
|||||
| CVE-2005-0903 | 1 Apple | 1 Quicktime Pictureviewer | 2025-04-03 | 2.6 LOW | N/A |
|
Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data.
|
|||||