Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-0866 | 1 Punbb | 1 Punbb | 2025-04-03 | 5.0 MEDIUM | N/A | PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters. |
| CVE-2006-1964 | 1 Aspsitem | 1 Aspsitem | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2003-0851 | 2 Cisco, Openssl | 5 Css11000 Content Services Switch, Ios, Pix Firewall and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A | OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. |
| CVE-2004-0415 | 3 Linux, Redhat, Trustix | 3 Linux Kernel, Fedora Core, Secure Linux | 2025-04-03 | 2.1 LOW | N/A | Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory. |
| CVE-2004-1226 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-03 | 5.0 MEDIUM | N/A | SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter. |
| CVE-2002-1384 | 2 Easy Software Products, Xpdf | 2 Cups, Xpdf | 2025-04-03 | 7.2 HIGH | N/A | Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf. |
| CVE-1999-0890 | 1 Ihtml Merchant | 1 Ihtml Merchant | 2025-04-03 | 7.5 HIGH | N/A | iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error. |
| CVE-1999-0689 | 2 Cde, Sun | 3 Cde, Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack. |
| CVE-2003-0645 | 1 Andries Brouwer | 1 Man | 2025-04-03 | 4.6 MEDIUM | N/A | man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges. |
| CVE-2006-0900 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.8 HIGH | N/A | nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite. |
| CVE-2006-0067 | 1 Vego | 1 Vego Links Builder | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2003-0487 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module. |
| CVE-2002-1947 | 1 Webmin | 1 Webmin | 2025-04-03 | 6.4 MEDIUM | N/A | Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session. |
| CVE-2001-0257 | 1 I-data International | 1 Easycom Safecom Print Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Easycom/Safecom Print Server Web service, version 404.590 and earlier, allows remote attackers to execute arbitrary commands via (1) a long URL or (2) a long HTTP header field such as "Host:". |
| CVE-2004-1519 | 1 Benjamin Curtis | 1 Phpbugtracker | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation. |
| CVE-1999-1181 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges. |
| CVE-2005-3466 | 1 Oracle | 1 Peoplesoft Enterprise Customer Relationship Management | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01. |
| CVE-2006-0468 | 1 Stalker | 1 Communigate Pro | 2025-04-03 | 7.5 HIGH | N/A | CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite. |
| CVE-1999-1314 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A | Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of certain mount_union commands. |
| CVE-2002-2029 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A | PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string. |
| CVE-2003-0552 | 1 Redhat | 1 Linux | 2025-04-03 | 5.0 MEDIUM | N/A | Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. |
| CVE-2006-4037 | 1 Fenestrae | 1 Faxination Server | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet. |
| CVE-2006-4117 | 1 Sun | 1 Solaris | 2025-04-03 | 5.4 MEDIUM | N/A | The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). NOTE: the original report specifies the function name as "drain_squeue," but this is likely incorrect. |
| CVE-2004-1827 | 2 Simple Machines, Yabb | 2 Simple Machines Smf, Yabb | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. |
| CVE-2006-0501 | 1 Punctweb | 1 Myco Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user. |
| CVE-2003-0525 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method. |
| CVE-2003-0407 | 1 Gnome | 1 Batalla Naval | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string. |
| CVE-2002-0585 | 1 Hp | 1 Hp-ux | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service. |
| CVE-2006-3286 | 1 Cisco | 1 Wireless Control System | 2025-04-03 | 7.5 HIGH | N/A | The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). |
| CVE-2006-3753 | 1 Professional Home Page Tools | 1 Professional Home Page Tools Guestbook | 2025-04-03 | 6.4 MEDIUM | N/A | setcookie.php for the administration login in Professional Home Page Tools Guestbook records the hash of the administrator password in a cookie, which allows attackers to conduct brute force password guessing attacks after obtaining the hash. |
| CVE-2002-1452 | 1 Mywebserver | 1 Mywebserver | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter. |
| CVE-1999-0894 | 1 Redhat | 1 Linux | 2025-04-03 | 10.0 HIGH | N/A | Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals. |
| CVE-2002-1236 | 1 Linksys | 1 Befsr41 | 2025-04-03 | 5.0 MEDIUM | N/A | The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments. |
| CVE-2006-3727 | 1 Eskolar Cms | 1 Eskolar Cms | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) gr_1_id, (2) gr_2_id, (3) gr_3_id, and (4) doc_id parameters in (a) index.php; the (5) uid and (6) pwd parameters in (b) php/esa.php; and possibly other vectors related to files in php/lib/ including (c) del.php, (d) download_backup.php, (e) navig.php, (f) restore.php, (g) set_12.php, (h) set_14.php, and (i) upd_doc.php. |
| CVE-2006-0685 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2025-04-03 | 10.0 HIGH | N/A | The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access. |
| CVE-2005-2463 | 1 Kayako | 1 Liveresponse | 2025-04-03 | 6.4 MEDIUM | N/A | Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message. |
| CVE-2002-0201 | 1 Cyberstop | 1 Cyberstop Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow. |
| CVE-2005-3827 | 1 Agileco | 1 Agilebill | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-1999-0465 | | | 2025-04-03 | 10.0 HIGH | N/A | Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter. |
| CVE-2001-1491 | 1 Opera Software | 1 Opera Web Browser | 2025-04-03 | 5.0 MEDIUM | N/A | Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. |