Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2001-1450 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A | Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./". |
| CVE-2005-4426 | 1 Yabb | 1 Yabb | 2025-04-03 | 4.0 MEDIUM | N/A | Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB. |
| CVE-2004-0746 | 4 Gentoo, Kde, Mandrakesoft and 1 more | 5 Linux, Kde, Konqueror and 2 more | 2025-04-03 | 7.5 HIGH | N/A | Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. |
| CVE-2006-1533 | 1 Sourceworkshop | 1 Newsletter | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter. |
| CVE-2004-2374 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 5.0 MEDIUM | N/A | BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML. |
| CVE-2006-1288 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php. |
| CVE-2004-0569 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.5 HIGH | N/A | The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values. |
| CVE-2002-0281 | 1 Codeworx Technologies | 1 Dcp-portal | 2025-04-03 | 5.1 MEDIUM | N/A | Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php. |
| CVE-1999-1429 | 1 Dit | 1 Transferpro | 2025-04-03 | 2.1 LOW | N/A | DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver. |
| CVE-2004-0218 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A | isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. |
| CVE-2005-3305 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_id parameter in the Forum file, (3) the link_id in the Links file, (4) the artid parameter in the Sections file, and (5) the dl_id parameter in the Download file. |
| CVE-2004-2002 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote attackers to cause a denial of service via a certain UDP packet. |
| CVE-2000-0579 | 1 Sgi | 1 Irix | 2025-04-03 | 3.7 LOW | N/A | IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited. |
| CVE-2005-0715 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A | AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box. |
| CVE-1999-0071 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A | Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. |
| CVE-2005-1709 | 1 Bluecoat | 1 Reporter | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license. |
| CVE-2004-1745 | 1 People Can Fly | 1 Painkiller | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password. |
| CVE-2000-1158 | 1 Network Associates | 1 Sniffer Agent | 2025-04-03 | 7.5 HIGH | N/A | NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords. |
| CVE-2005-4294 | 1 Alkacon | 1 Opencms | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page. |
| CVE-2005-3870 | 1 Edmobbs | 1 Edmobbs | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters. |
| CVE-2004-2333 | 1 Bodington | 1 Bodington | 2025-04-03 | 5.0 MEDIUM | N/A | Bodington 2.1.0 RC1 and earlier does not secure the file upload area, which allows remote attackers to read uploaded files. |
| CVE-2001-1244 | 7 Freebsd, Hp, Linux and 4 more | 9 Freebsd, Hp-ux, Vvos and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process. |
| CVE-2005-0488 | 3 Microsoft, Mit, Sun | 3 Telnet Client, Kerberos 5, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A | Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. |
| CVE-2000-0527 | 1 3r Soft | 1 Mailstudio 2000 | 2025-04-03 | 10.0 HIGH | N/A | userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. |
| CVE-1999-1421 | 1 N-base | 2 Nh208, Nh215 | 2025-04-03 | 6.4 MEDIUM | N/A | NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names. |
| CVE-2002-0003 | 1 Gnu | 1 Groff | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system. |
| CVE-2003-0142 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 5.0 MEDIUM | N/A | Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function. |
| CVE-2000-0712 | 1 Lids | 1 Lids | 2025-04-03 | 7.2 HIGH | N/A | Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option. |
| CVE-2003-1119 | 1 Ssh | 1 Secure Shell | 2025-04-03 | 5.0 MEDIUM | N/A | SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets. |
| CVE-2000-1077 | 1 Iplanet | 1 Iplanet Web Server | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension. |
| CVE-2005-3189 | 1 Qualcomm | 1 Worldmail Imap Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Qualcomm WorldMail IMAP Server allows remote attackers to read arbitrary email messages via ".." sequences in the SELECT command. |
| CVE-2004-0582 | 1 Webmin | 1 Webmin | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module. |
| CVE-2006-2009 | 1 Phpmyagenda | 1 Phpmyagenda | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda 3.0 Final and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter. |
| CVE-2002-1070 | 1 Php-wiki | 1 Php-wiki | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter. |
| CVE-2006-1482 | 1 Conftool | 1 Conftool | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2000-0374 | 1 Caldera | 1 Openlinux | 2025-04-03 | 10.0 HIGH | N/A | The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions. |
| CVE-1999-1230 | 1 Id Software | 1 Quake 2 | 2025-04-03 | 5.0 MEDIUM | N/A | Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to connect to itself. |
| CVE-2006-2270 | 1 Jetbox | 1 Jetbox Cms | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter. |
| CVE-2002-1639 | 1 Oracle | 1 Configurator | 2025-04-03 | 7.5 HIGH | N/A | Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host". |
| CVE-2005-2195 | 1 Apple | 1 Darwin Streaming Server | 2025-04-03 | 5.0 MEDIUM | N/A | Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502. |