Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-3869 | 1 Google | 1 Api Search | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter. |
| CVE-2006-3724 | 1 Oracle | 1 Enterpriseone | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in JD Edwards HTML Server for Oracle OneWorld Tools EnterpriseOne Tools 8.95 and 8.96 has unknown impact and attack vectors, aka Oracle Vuln# JDE01. |
| CVE-2005-3218 | 1 Dr.web | 1 Dr.web Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple interpretation error in unspecified versions of Dr.Web Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. |
| CVE-1999-1445 | 1 Slackware | 1 Slackware Linux | 2025-04-03 | 5.0 MEDIUM | N/A | Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords. |
| CVE-2004-0625 | 1 Websoft | 1 Infinity Web | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Infinity WEB 1.0 allows remote attackers to bypass authentication and gain privileges via the login page. |
| CVE-2006-3265 | 1 Qdig | 1 Qdig | 2025-04-03 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters. |
| CVE-2006-2496 | 1 Novell | 2 Edirectory, Imonitor | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. |
| CVE-2003-0345 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. |
| CVE-2006-3858 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-03 | 2.1 LOW | N/A | IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772). |
| CVE-2001-1475 | 1 Ssh | 1 Ssh | 2025-04-03 | 7.5 HIGH | N/A | SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated. |
| CVE-1999-0151 | 1 Satan | 1 Satan | 2025-04-03 | 7.6 HIGH | N/A | The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. |
| CVE-2005-1448 | 1 S9y | 1 Serendipity | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2005-1170 | 1 Datenbank Module | 1 Datenbank Module | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-0057 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. |
| CVE-2004-0961 | 2 Freeradius, Redhat | 3 Freeradius, Enterprise Linux, Fedora Core | 2025-04-03 | 5.0 MEDIUM | N/A | Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes. |
| CVE-2005-1762 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address. |
| CVE-2004-1567 | 1 Silent-storm | 1 Silent-storm Portal | 2025-04-03 | 7.5 HIGH | N/A | profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator. |
| CVE-2003-0538 | 1 Mozart | 1 Mozart | 2025-04-03 | 7.5 HIGH | N/A | The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program. |
| CVE-2002-0682 | 1 Apache | 1 Tomcat | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet. |
| CVE-2005-1252 | 1 Ipswitch | 2 Imail, Imail Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file. |
| CVE-2000-1212 | 1 Zope | 1 Zope | 2025-04-03 | 5.0 MEDIUM | N/A | Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects. |
| CVE-2006-0319 | 1 Farmers Wife | 1 Farmers Wife | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands. |
| CVE-2000-0330 | 1 Microsoft | 2 Windows 95, Windows 98 | 2025-04-03 | 7.6 HIGH | N/A | The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability. |
| CVE-2003-0068 | 1 Michael Jennings | 1 Eterm | 2025-04-03 | 7.5 HIGH | N/A | The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. |
| CVE-2005-4533 | 1 Scponly | 1 Scponly | 2025-04-03 | 7.5 HIGH | N/A | Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered. |
| CVE-2004-1050 | 2 Avaya, Microsoft | 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more | 2025-04-03 | 10.0 HIGH | N/A | Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability." |
| CVE-2002-1179 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message. |
| CVE-1999-1255 | 1 Ccs Network | 1 Hyperseek Search Engine | 2025-04-03 | 5.0 MEDIUM | N/A | Hyperseek allows remote attackers to modify the hyperseek configuration by directly calling the admin.cgi program with an edit_file action parameter. |
| CVE-2005-0548 | 1 Sun | 1 Solaris Answerbook2 | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function. |
| CVE-2006-0382 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A | Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call. |
| CVE-2004-1736 | 1 The Cacti Group | 1 Cacti | 2025-04-03 | 5.0 MEDIUM | N/A | Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message. |
| CVE-2004-2495 | 1 Code-crafters | 1 Ability Mail Server | 2025-04-03 | 7.8 HIGH | N/A | The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service. |
| CVE-2005-3000 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters. |
| CVE-2002-1832 | 1 Scaramanga | 1 Firestorm Ids | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in the "ipopts decode" functionality in Firestorm IDS 0.4.0 through 0.4.2 allows remote attackers to cause a denial of service (crash) via certain IP options. |
| CVE-2005-2208 | 1 Privashare | 1 Privashare | 2025-04-03 | 5.0 MEDIUM | N/A | PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message. |
| CVE-2004-2086 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 5.0 MEDIUM | N/A | Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter. |
| CVE-2003-0388 | 1 Andrew Morgan | 1 Linux Pam | 2025-04-03 | 4.6 MEDIUM | N/A | pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name. |
| CVE-2001-1206 | 1 Matrixs Cgi Vault | 1 Last Lines | 2025-04-03 | 7.5 HIGH | N/A | Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $error_log variable. |
| CVE-2005-1655 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A | AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag. |
| CVE-2005-4696 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.1 LOW | N/A | The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network. |