Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-3054 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A | fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory. |
| CVE-2005-1935 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this ... |
| CVE-2002-0722 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing." |
| CVE-2006-4019 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 6.4 MEDIUM | N/A | Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. |
| CVE-2006-3803 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A | Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object. |
| CVE-2005-0185 | 1 Mnet Soft Factory | 1 Nodemanager Professional | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in NodeManager Professional 2.00 allows remote attackers to execute arbitrary commands via a LinkDown-Trap packet that contains a long OCTET-STRING in the Trap variable-bindings field. |
| CVE-2002-1506 | 1 Jacques Gelinas | 1 Linuxconf | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated. |
| CVE-2000-0189 | 1 Allaire | 1 Coldfusion Server | 2025-04-03 | 5.0 MEDIUM | N/A | ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. |
| CVE-2005-1200 | 1 Azbb | 1 Az Bulletin Board | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code. |
| CVE-2005-0038 | 1 Powerdns | 1 Powerdns | 2025-04-03 | 5.0 MEDIUM | N/A | The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. |
| CVE-2003-1105 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A | Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. |
| CVE-2006-4799 | 1 Xine | 1 Xine-lib | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802. |
| CVE-2006-3545 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Internet Explorer 7.0 Beta allows remote attackers to cause a denial of service (application crash) via a web page with multiple empty APPLET start tags. NOTE: a third party has disputed this issue, stating that the crash does not occur with Microsoft Internet Explorer 7.0 Beta3 |
| CVE-2005-1261 | 1 Rob Flynn | 1 Gaim | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL. |
| CVE-2005-3102 | 1 Six Apart | 1 Movable Type | 2025-04-03 | 5.0 MEDIUM | N/A | The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root. |
| CVE-2002-0806 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 2.1 LOW | N/A | Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option. |
| CVE-2003-0333 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085. |
| CVE-2005-1907 | 1 Microsoft | 1 Isa Server | 2025-04-03 | 5.0 MEDIUM | N/A | The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic. |
| CVE-2005-1286 | 1 Softwin | 1 Bitdefender Antivirus | 2025-04-03 | 1.2 LOW | N/A | Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process. |
| CVE-2004-0730 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php. |
| CVE-2006-1919 | 1 Thomas Voecking | 1 Internet Photoshow | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| CVE-2002-2078 | 1 Floosietek | 2 Ftgateoffice, Ftgatepro | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FTGate Office 1.05 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long POP3 APOP USER command. |
| CVE-2004-2223 | 1 Fsphpgallery | 1 Fsphpgallery | 2025-04-03 | 5.0 MEDIUM | N/A | FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a large size attribute, which causes a crash when the server attempts to resize the image. |
| CVE-2004-0823 | 2 Apple, Openldap | 3 Mac Os X, Mac Os X Server, Openldap | 2025-04-03 | 7.5 HIGH | N/A | OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. |
| CVE-2006-2105 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter. |
| CVE-2002-0727 | 1 Microsoft | 2 Office Web Components, Project | 2025-04-03 | 7.5 HIGH | N/A | The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method. |
| CVE-2005-1725 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A | launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory. |
| CVE-1999-0058 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in PHP cgi program, php.cgi allows shell access. |
| CVE-2001-0204 | 1 Watchguard | 1 Firebox Ii | 2025-04-03 | 5.0 MEDIUM | N/A | Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets. |
| CVE-2004-2550 | 1 Xperience | 1 Sandsurfer | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data. |
| CVE-1999-1550 | 1 F5 | 1 Tmos | 2025-04-03 | 5.0 MEDIUM | N/A | bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. |
| CVE-2006-4913 | 1 Alstrasoft | 1 E-friends | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file. |
| CVE-2000-1157 | 1 Network Associates | 1 Sniffer Agent | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in NAI Sniffer Agent allows remote attackers to execute arbitrary commands via a long SNMP community name. |
| CVE-2004-2108 | 1 Quadcomm | 1 Q-shop | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp. |
| CVE-2006-0174 | 1 Hummingbird | 2 Collaboration, Enterprise Collaboration | 2025-04-03 | 4.0 MEDIUM | N/A | Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie. |
| CVE-2006-2317 | 1 Ideal Science | 1 Idealbb | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to read arbitrary files under the web root via unspecified attack vectors related to the OpenTextFile method in Scripting.FileSystemObject. |
| CVE-2005-0790 | 1 Phpadsnew | 1 Phpadsnew | 2025-04-03 | 5.0 MEDIUM | N/A | phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal the path in a PHP error message. |
| CVE-2006-3444 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer." |
| CVE-2006-1824 | 1 Phpguestbook | 1 Phpguestbook | 2025-04-03 | 1.2 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter. |
| CVE-2004-1131 | 1 Sco | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A | Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments. |