Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-2454 | 1 Amsn | 1 Amsn | 2025-04-03 | 2.1 LOW | N/A | aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml. |
| CVE-2001-1134 | 1 Xerox | 1 Docuprint N40 | 2025-04-03 | 5.0 MEDIUM | N/A | Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm. |
| CVE-2001-0121 | 1 Storagesoft | 1 Imagecast Ic3 | 2025-04-03 | 5.0 MEDIUM | N/A | ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002. |
| CVE-2004-1576 | 1 Megalo | 1 Judge Dredd Dredd Vs. Death | 2025-04-03 | 5.0 MEDIUM | N/A | Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a chat message. |
| CVE-2006-1967 | 1 Kcscripts | 2 Kcscripts Calendar, Portal Pack | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter. |
| CVE-2004-1996 | 1 Simple Machines | 1 Smf | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. |
| CVE-2005-0106 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-03 | 4.6 MEDIUM | N/A | SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file. |
| CVE-2005-2516 | 1 Apple | 2 Mac Os X, Safari | 2025-04-03 | 7.5 HIGH | N/A | Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands. |
| CVE-2003-0537 | 1 Daiki Ueno | 1 Liece Emacs Irc Client | 2025-04-03 | 4.6 MEDIUM | N/A | The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users. |
| CVE-2005-4717 | 1 Microsoft | 6 Ie, Internet Explorer, Windows 2000 and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. |
| CVE-2006-0949 | 1 Raidenhttpd | 1 Raidenhttpd | 2025-04-03 | 5.0 MEDIUM | N/A | RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters. |
| CVE-2001-0401 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable. |
| CVE-2004-1412 | 1 Kayako | 1 Esupport | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter. |
| CVE-2004-0752 | 1 Openoffice | 1 Openoffice | 2025-04-03 | 2.1 LOW | N/A | OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users. |
| CVE-2006-4898 | 1 Guanxicrm | 1 Guanxicrm Business Solution | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter. |
| CVE-2000-0992 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack. |
| CVE-2005-1419 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter. |
| CVE-2004-1475 | 1 Xine | 2 Xine, Xine-lib | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. |
| CVE-2006-3093 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors. |
| CVE-2006-0449 | 1 E-post Corporation | 2 Mail Server, Spa-pro Mail Atsolomon | 2025-04-03 | 5.0 MEDIUM | N/A | Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before the expected amount of data is sent. |
| CVE-2003-0038 | 1 Gnu | 1 Mailman | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters. |
| CVE-2001-0250 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A | The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command. |
| CVE-2005-2770 | 1 Wrq | 1 Wrq Reflection For Secure It Windows Server | 2025-04-03 | 7.5 HIGH | N/A | WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login. |
| CVE-1999-0435 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM. |
| CVE-2004-2184 | 1 Digicraft Software | 1 Yak | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put. |
| CVE-2004-2247 | 1 Goosequill | 1 Audienceconnect | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors. |
| CVE-2005-0524 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A | The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value. |
| CVE-1999-0043 | 6 Bsdi, Caldera, Isc and 3 more | 7 Bsd Os, Openlinux, Inn and 4 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL | Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. |
| CVE-2002-2123 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter. |
| CVE-2006-2278 | 1 Arabless | 1 Saphplesson | 2025-04-03 | 5.0 MEDIUM | N/A | SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php. |
| CVE-2004-2279 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php. |
| CVE-2006-4103 | 1 Jason Alexander | 1 Phnntp | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter. |
| CVE-1999-0797 | 1 Sun | 1 Sunos | 2025-04-03 | 2.6 LOW | N/A | NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries. |
| CVE-2006-2089 | 1 Mysmartbb | 1 Mysmartbb | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters. |
| CVE-2005-4783 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A | kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory. |
| CVE-2003-0946 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command. |
| CVE-2005-2569 | 1 Funkboard | 1 Funkboard | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) newtopic.php, (4) reply.php, or (5) profile.php, the (6) fbusername, (7) fmail, (8) www, (9) icq, (10) yim, (11) location, (12) sex, (13) interebbies, (14) sig or (15) aim parameter to register.php, or (16) subject parameter to newtopic.php. |
| CVE-2005-2401 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 5.0 MEDIUM | N/A | PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag. |
| CVE-2006-2924 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2025-04-03 | 5.0 MEDIUM | N/A | Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake. |
| CVE-1999-0342 | 1 Pam | 1 Pam | 2025-04-03 | 6.2 MEDIUM | N/A | Linux PAM modules allow local users to gain root access using temporary files. |