Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2000-0402 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 2.1 LOW | N/A | The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. |
| CVE-2002-0108 | 1 Allaire | 1 Forums | 2025-04-03 | 7.5 HIGH | N/A | Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address. |
| CVE-2000-0449 | 1 Omnis | 1 Studio | 2025-04-03 | 10.0 HIGH | N/A | Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields. |
| CVE-2003-0609 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable. |
| CVE-2003-0108 | 1 Lbl | 1 Tcpdump | 2025-04-03 | 5.0 MEDIUM | N/A | isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop. |
| CVE-2003-0055 | 1 Apple | 1 Quicktime Darwin Mp3 Broadcaster | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename. |
| CVE-2004-0077 | 4 Linux, Netwosix, Redhat and 1 more | 7 Linux Kernel, Netwosix Linux, Bigmem Kernel and 4 more | 2025-04-03 | 7.2 HIGH | N/A | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. |
| CVE-2005-3933 | 1 88script | 1 88script Event Calendar | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. |
| CVE-2000-0470 | 1 Allegro | 1 Rom Pager | 2025-04-03 | 7.5 HIGH | N/A | Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request. |
| CVE-1999-0340 | 1 Slackware | 1 Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Linux Slackware crond program allows local users to gain root access. |
| CVE-2005-4165 | 1 Asp-dev | 1 Asp Resources Forum | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the (1) forum_id parameter to forum.asp, (2) unspecified parameters to register.asp, and (3) the "Search For" field in search.asp. |
| CVE-2005-3844 | 1 Phpwordpress | 1 Php News And Article Manager | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action. |
| CVE-2002-0299 | 1 Cnet | 1 Catchup | 2025-04-03 | 7.6 HIGH | N/A | CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan. |
| CVE-2000-0825 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A | Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash. |
| CVE-2004-2464 | 1 Ada | 1 Imgsvr | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 allows remote attackers to read arbitrary files or list directories via hex-encoded "..//" sequences ("%2e%2e%2f%2f"). NOTE: it was later reported that 0.6.21 and earlier is also affected. |
| CVE-2004-1785 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable. |
| CVE-1999-0586 | | | 2025-04-03 | N/A | N/A | A network service is running on a nonstandard port. |
| CVE-2005-2736 | 1 Yapig | 1 Yapig | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. |
| CVE-2002-0415 | 1 Realnetworks | 1 Realplayer | 2025-04-03 | 1.7 LOW | N/A | Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275. |
| CVE-2005-0545 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 7.2 HIGH | N/A | Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post. |
| CVE-2006-4442 | 1 Clemens Wacha | 1 Php Iaddressbook | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category. (categories field). NOTE: some details are obtained from third party information. |
| CVE-2006-4024 | 1 Festalon | 1 Festalon | 2025-04-03 | 7.5 HIGH | N/A | The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow. |
| CVE-2002-0418 | 1 Endymion | 1 Sake Mail | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter. |
| CVE-2001-0110 | 1 Iomega | 1 Jazip | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable. |
| CVE-2001-1163 | 1 Munica | 1 Netsql | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500. |
| CVE-2006-1070 | 1 Dvguestbook | 1 Dvguestbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the f parameter. |
| CVE-2005-0321 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | 2.1 LOW | N/A | MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path. |
| CVE-2005-2031 | 1 Socialmpn | 1 Socialmpn | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to sections.php, (7) siteid parameter to index.php, or (8) sid parameter to friend.php. |
| CVE-2005-1512 | 1 Pwsphp | 1 Pwsphp | 2025-04-03 | 7.5 HIGH | N/A | The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files. |
| CVE-2003-0122 | 1 Ibm | 2 Lotus Domino, Lotus Notes Client | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field. |
| CVE-1999-1499 | 1 Isc | 1 Bind | 2025-04-03 | 2.1 LOW | N/A | named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used. |
| CVE-2000-0996 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell. |
| CVE-2006-2167 | 1 Sloughflash | 1 Sf-users | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element. |
| CVE-2006-4938 | 1 Moodle | 1 Moodle | 2025-04-03 | 4.0 MEDIUM | N/A | help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message. |
| CVE-2005-4019 | 1 Relative Real Estate Systems | 1 Relative Real Estate Systems | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter. |
| CVE-2006-2267 | 1 Kerio | 1 Winroute Firewall | 2025-04-03 | 5.0 MEDIUM | N/A | Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the "email protocol inspectors," possibly (1) SMTP and (2) POP3. |
| CVE-2005-0297 | 1 Oracle | 1 Database Server | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges. |
| CVE-2005-3880 | 1 Omnistar Interactive | 1 Omnistar Kbase | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in users/comments.php, (2) category_id and (3) id parameters in users/kb.php. |
| CVE-2005-3500 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 5.0 MEDIUM | N/A | The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block. |
| CVE-2003-0462 | 2 Linux, Mandrakesoft | 4 Linux Kernel, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2025-04-03 | 1.2 LOW | N/A | A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). |