Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-1110 | 1 Columbia University | 1 Sipc | 2025-04-03 | 7.5 HIGH | N/A | The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
| CVE-2003-0541 | 1 Gnome | 1 Gtkhtml | 2025-04-03 | 5.0 MEDIUM | N/A | gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference. |
| CVE-1999-0985 | 1 Cc | 1 Cc Whois | 2025-04-03 | 7.5 HIGH | N/A | CC Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. |
| CVE-1999-1089 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows local users to gain privileges via a long command line argument. |
| CVE-2004-0547 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows remote attackers to cause a denial of service (crash). |
| CVE-2002-2208 | 2 Cisco, Extended Interior Gateway Routing Protocol | 2 Ios, Extended Interior Gateway Routing Protocol | 2025-04-03 | 7.8 HIGH | N/A | Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. |
| CVE-2005-0443 | 1 Devellion | 1 Cubecart | 2025-04-03 | 4.3 MEDIUM | N/A | index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message. |
| CVE-2005-2424 | 1 Siemens | 1 Santis 50 | 2025-04-03 | 7.5 HIGH | N/A | The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication via certain packets to the web interface that cause the interface to freeze. |
| CVE-2002-0096 | 1 Geeklog | 1 Geeklog | 2025-04-03 | 7.2 HIGH | N/A | The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended. |
| CVE-2003-0627 | 1 Peoplesoft | 1 Peopletools | 2025-04-03 | 5.0 MEDIUM | N/A | psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments. |
| CVE-2004-0028 | 1 Samba | 1 Jitterbug | 2025-04-03 | 7.5 HIGH | N/A | jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands. |
| CVE-2002-1705 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight. |
| CVE-2004-1815 | 2 Macromedia, Sun | 3 Coldfusion, Jrun, One Application Server | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). |
| CVE-2002-1466 | 1 Cafelog | 1 B2 | 2025-04-03 | 10.0 HIGH | N/A | CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable. |
| CVE-2004-2338 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 7.5 HIGH | N/A | OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions. |
| CVE-2006-2524 | 1 Usebb | 1 Usebb | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format. |
| CVE-2005-4755 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A | BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys. |
| CVE-1999-0712 | 1 Caldera | 2 Coas, Openlinux | 2025-04-03 | 2.1 LOW | N/A | A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable. |
| CVE-2006-2012 | 1 Skulltag Team | 1 Skulltag | 2025-04-03 | 5.0 MEDIUM | N/A | Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string. |
| CVE-2004-2067 | 1 Jaws | 1 Jaws | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters. |
| CVE-2005-2109 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A | wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. |
| CVE-1999-0298 | 2 Slackware, Sun | 2 Slackware Linux, Sunos | 2025-04-03 | 7.5 HIGH | N/A | ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack. |
| CVE-2005-1196 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter. |
| CVE-2005-2339 | 1 Msearch | 1 Unicode Msearch | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2005-3313 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A | The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers to cause a denial of service (infinite loop). |
| CVE-2004-1752 | 1 Nakedsoft | 1 Gaucho | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote attackers to execute arbitrary code via a POP3 email with a long Content-Type header. |
| CVE-2006-3458 | 1 Zope | 1 Zope | 2025-04-03 | 2.1 LOW | N/A | Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files. |
| CVE-2006-0069 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter. |
| CVE-2003-1282 | 1 Ibm | 1 Net.data | 2025-04-03 | 5.0 MEDIUM | N/A | IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form. |
| CVE-2003-0298 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 7.5 HIGH | N/A | The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors. |
| CVE-1999-0522 | | | 2025-04-03 | 7.2 HIGH | N/A | The permissions for a system-critical NIS+ table (e.g. passwd) are inappropriate. |
| CVE-2006-0300 | 1 Gnu | 1 Tar | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. |
| CVE-2005-0863 | 1 Phpopenchat | 1 Phpopenchat | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php. |
| CVE-2006-0322 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." |
| CVE-2005-1814 | 1 Newmad Technologies | 1 Picowebserver | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in PicoWebServer 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URL. |
| CVE-2006-1651 | 1 Microsoft | 1 Isa Server | 2025-04-03 | 7.5 HIGH | N/A | Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol. |
| CVE-2006-1536 | 1 Phoetux.net | 1 Phxcontacts | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93.1 beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) motclef and (2) nbr_line_view parameters in (a) carnet.php, and the (3) id_contact parameter in (b) contact_view.php. |
| CVE-2001-0332 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability. |
| CVE-2002-0580 | 1 Workforceroi | 1 Xpede | 2025-04-03 | 7.5 HIGH | N/A | WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks. |
| CVE-2005-0582 | 1 Broadcom | 1 License Software | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request. |