Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2001-0008 | 2 Borland Software, Firebirdsql | 2 Interbase, Firebird | 2025-04-03 | 10.0 HIGH | N/A | Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures. |
| CVE-2001-0516 | 1 Oracle | 2 Oracle8i, Oracle9i | 2025-04-03 | 5.0 MEDIUM | N/A | Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data. |
| CVE-2005-3839 | 1 Supportpro | 1 Supportdesk | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk allows remote attackers to inject arbitrary web script or HTML via the (1) post tickers and (2) view tickets options. |
| CVE-2001-1272 | 1 Wliang | 1 Wmtv | 2025-04-03 | 4.6 MEDIUM | N/A | wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option. |
| CVE-1999-1258 | 1 Sun | 1 Sunos | 2025-04-03 | 5.0 MEDIUM | N/A | rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information. |
| CVE-2000-0619 | 1 Toplayer | 1 Appswitch | 2025-04-03 | 5.0 MEDIUM | N/A | Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets. |
| CVE-2000-0296 | 1 Michael A. Gumienny | 1 Fcheck | 2025-04-03 | 7.2 HIGH | N/A | fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck. |
| CVE-2002-0303 | 1 Novell | 1 Groupwise | 2025-04-03 | 4.6 MEDIUM | N/A | GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password. |
| CVE-2006-3801 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-03 | 7.5 HIGH | N/A | Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code. |
| CVE-2000-1032 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 5.0 MEDIUM | N/A | The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall. |
| CVE-2006-0243 | 1 Smbcms | 1 Smbcms | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the text parameter, which is used by the "Search Site" field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-0728 | 1 Webspell | 1 Webspell | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter. |
| CVE-2006-0187 | 1 Microsoft | 1 Visual Studio .net | 2025-04-03 | 5.1 MEDIUM | N/A | By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file. |
| CVE-1999-0906 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable. |
| CVE-2001-0084 | 1 Gnome | 1 Gtk | 2025-04-03 | 7.2 HIGH | N/A | GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. |
| CVE-2002-0426 | 1 Linksys | 1 Befvp41 | 2025-04-03 | 7.5 HIGH | N/A | VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys. |
| CVE-2006-2011 | 1 4homepages | 1 4images | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the user_name parameter in register.php. |
| CVE-2005-1130 | 1 Desert Dog Software | 1 Pinnacle Cart | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter. |
| CVE-2004-0474 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 5.1 MEDIUM | N/A | Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue. |
| CVE-2000-0060 | 1 Avirt | 1 Rover | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name. |
| CVE-2001-0451 | 1 Sentraweb | 1 Indexu | 2025-04-03 | 7.5 HIGH | N/A | INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1. |
| CVE-2002-1086 | 1 Visualshapers | 1 Ezcontents | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier allow remote attackers to conduct unauthorized activities. |
| CVE-2002-0995 | 1 Gianluca Baldo | 1 Phpauction | 2025-04-03 | 7.5 HIGH | N/A | login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table. |
| CVE-2005-2218 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A | The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. |
| CVE-2002-0334 | 1 Xtell | 1 Xtell | 2025-04-03 | 2.1 LOW | N/A | xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file. |
| CVE-2004-1119 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 10.0 HIGH | N/A | Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file. |
| CVE-2004-1212 | 1 Blog Torrent | 1 Blog Torrent Preview | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument. |
| CVE-2001-1102 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 6.2 MEDIUM | N/A | Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable. |
| CVE-2002-1681 | 1 Open Source Development Network | 1 Slashcode | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph `<P>` tag. |
| CVE-2002-0293 | 1 Alcatel-lucent | 1 Omnipcx | 2025-04-03 | 6.2 MEDIUM | N/A | FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file. |
| CVE-2006-3922 | 1 Portailphp | 1 Portailphp | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in mod_membre/inscription.php in PortailPHP 1.7 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. |
| CVE-2006-2566 | 1 Alstrasoft | 1 Article Manager Pro | 2025-04-03 | 5.0 MEDIUM | N/A | Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages. |
| CVE-2005-1175 | 1 Mit | 1 Kerberos 5 | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request. |
| CVE-2006-4889 | 1 Telekorn | 1 Signkorn Guestbook | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de di ... |
| CVE-2004-0500 | 3 Gentoo, Mandrakesoft, Rob Flynn | 3 Linux, Mandrake Linux, Gaim | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. |
| CVE-2005-4503 | 1 Net-square | 1 Httprint | 2025-04-03 | 5.0 MEDIUM | N/A | httprint v202, and possibly other versions before v301, allows remote attackers to cause a denial of service (crash) via a long Server field in an HTTP response. |
| CVE-2006-3091 | 1 Phpmyfactures | 1 Phpmyfactures | 2025-04-03 | 5.0 MEDIUM | N/A | PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attackers to obtain the installation path via a direct request to (1) /verif.php, (2) /inc/footer.php, and (3) /remises/ajouter_remise.php. |
| CVE-2000-1025 | 1 Unify | 1 Ewave Servletexec | 2025-04-03 | 5.0 MEDIUM | N/A | eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running. |
| CVE-2001-0995 | 1 Phpprojekt | 1 Phpprojekt | 2025-04-03 | 7.5 HIGH | N/A | PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs. |
| CVE-2005-0649 | 1 Pixel-apes Group | 1 Safehtml | 2025-04-03 | 4.3 MEDIUM | N/A | Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities." |