Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1569 | 2 Ghostview, Gv | 2 Ghostview, Gv | 2025-04-03 | 7.5 HIGH | N/A |
gv 3.5.8, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the filename for (1) a PDF file or (2) a gzip file.
| CVE-2004-2146 | 1 Pd9 Software | 1 Megabbs | 2025-04-03 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp.
| CVE-2000-0711 | 2 Microsoft, Netscape | 2 Virtual Machine, Communicator | 2025-04-03 | 7.5 HIGH | N/A |
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
| CVE-2003-0991 | 2 Gnu, Sgi | 2 Mailman, Propack | 2025-04-03 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.
| CVE-2004-2565 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.
| CVE-2006-0930 | 1 Argosoft | 1 Argosoft Mail Server | 2025-04-03 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter.
| CVE-2006-0870 | 1 Mini-nuke | 1 Mini-nuke Cms | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well.
| CVE-2005-0373 | 6 Apple, Conectiva, Cyrus and 3 more | 8 Mac Os X, Mac Os X Server, Linux and 5 more | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
| CVE-2002-1338 | 1 Microsoft | 1 Office Web Components | 2025-04-03 | 5.0 MEDIUM | N/A |
The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files.
| CVE-2004-2269 | 1 Matt Shelton | 1 Pads | 2025-04-03 | 7.2 HIGH | N/A |
Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally installed setuid, this may not be a vulnerability.
| CVE-2006-1160 | 1 Efs Software | 1 Efs Web Server | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder or uploading a file.
| CVE-2004-0981 | 4 Debian, Gentoo, Imagemagick and 1 more | 4 Debian Linux, Linux, Imagemagick and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
| CVE-2005-0291 | 1 Netgear | 1 Fvs318 | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.
| CVE-2006-0461 | 1 Pmachine | 1 Expressionengine | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).
| CVE-2002-0791 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length.
| CVE-2001-0398 | 1 Ritlabs | 1 The Bat | 2025-04-03 | 7.5 HIGH | N/A |
The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon.
| CVE-1999-0276 | 1 Hughes | 1 Msql | 2025-04-03 | 7.5 HIGH | N/A |
mSQL v2.0.1 and below allows remote execution through a buffer overflow.
| CVE-2006-3546 | 1 Ada | 1 Imgsvr | 2025-04-03 | 5.0 MEDIUM | N/A |
Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attackers to cause a denial of service (daemon crash) via a long HTTP POST request. NOTE: this might be the same issue as CVE-2004-2463.
| CVE-2001-0774 | 1 Tripwire | 1 Tripwire | 2025-04-03 | 4.6 MEDIUM | N/A |
Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possibly gain privileges via a symbolic link attack on temporary files.
| CVE-2005-4445 | 1 David Harris | 1 Pegasus Mail | 2025-04-03 | 5.1 MEDIUM | N/A |
Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow.
| CVE-2004-0555 | 1 Gnu | 1 Queue | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code.
| CVE-2002-2179 | 1 Unisys | 1 Clearpath Mcp | 2025-04-03 | 7.8 HIGH | N/A |
The dynamic initialization feature of the ClearPath MCP environment allows remote attackers to cause a denial of service (crash) via a TCP port scan using a tool such as nmap.
| CVE-2006-4287 | 2 Nes Game, Nes System | 2 Nes Game, Nes System | 2025-04-03 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php.
| CVE-2005-4009 | 1 Php Lite | 1 Calendar Express | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php.
| CVE-2005-1238 | 1 Ibm | 1 Iseries As 400 | 2025-04-03 | 7.5 HIGH | N/A |
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.
| CVE-2005-1391 | 1 Apsis | 1 Pound | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header.
| CVE-2000-0591 | 1 Novell | 1 Bordermanager | 2025-04-03 | 5.0 MEDIUM | N/A |
Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.
| CVE-2001-0471 | 1 Ssh | 1 Ssh | 2025-04-03 | 7.5 HIGH | N/A |
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack.
| CVE-2002-0621 | 1 Microsoft | 1 Commerce Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
| CVE-2003-1005 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.
| CVE-2006-3170 | 1 Comscripts | 1 Cs-forum | 2025-04-03 | 5.0 MEDIUM | N/A |
CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message.
| CVE-2001-0127 | 1 Oliver Debon | 1 Flash | 2025-04-03 | 7.6 HIGH | N/A |
Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag.
| CVE-2003-0820 | 1 Microsoft | 2 Word, Works | 2025-04-03 | 7.5 HIGH | N/A |
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
| CVE-2006-2980 | 1 Viart Ltd | 1 Viart Shop Free | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter.
| CVE-2006-1581 | 1 Blanknberg | 1 Blanknberg | 2025-04-03 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the _path parameter.
| CVE-2004-2674 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument.
| CVE-2006-1715 | 1 Tugzip | 1 Tugzip | 2025-04-03 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack with a crafted (1) .gz, (2) .jar, (3) .rar, or (4) .zip file.
| CVE-2002-0632 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier allows clients to read arbitrary files on a BDS server.
| CVE-2005-0599 | 1 Cisco | 1 Application And Content Networking Software | 2025-04-03 | 5.0 MEDIUM | N/A |
Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, or 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (CPU consumption) via malformed IP packets.
| CVE-2005-3242 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SMB dissector when SMB transaction payload reassembly is enabled.