Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0352 | 1 Woodstone | 1 Servers Alive | 2025-04-03 | 7.2 HIGH | N/A |
|
Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges.
|
|||||
| CVE-2000-0788 | 1 Microsoft | 2 Access, Word | 2025-04-03 | 10.0 HIGH | N/A |
|
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.
|
|||||
| CVE-1999-0911 | 1 Proftpd Project | 1 Proftpd | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
|
|||||
| CVE-2004-0737 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.
|
|||||
| CVE-2006-3017 | 1 Php | 1 Php | 2025-04-03 | 9.3 HIGH | N/A |
|
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.
|
|||||
| CVE-2001-0598 | 1 Symantec | 1 Norton Ghost | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled.
|
|||||
| CVE-2005-3171 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
|
|||||
| CVE-2006-3722 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01.
|
|||||
| CVE-2006-0983 | 1 David Barrett | 1 Qwikiwiki | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
|||||
| CVE-2004-2148 | 1 Slava Astashonok | 1 Fprobe | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown local vulnerability in the "change user" feature of Slava Astashonok Fprobe 1.0.5 and earlier has unknown impact and attack vectors.
|
|||||
| CVE-2005-2601 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp.
|
|||||
| CVE-2001-0266 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.
|
|||||
| CVE-2005-3772 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class.
|
|||||
| CVE-2005-3992 | 1 Wineggdropshell | 1 Wineggdropshell | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server.
|
|||||
| CVE-2005-0837 | 1 Icecast | 1 Icecast | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot).
|
|||||
| CVE-2002-1789 | 1 Newsx | 1 Newsx | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function.
|
|||||
| CVE-2005-3396 | 1 Ibm | 1 Aix | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.
|
|||||
| CVE-1999-1581 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded.
|
|||||
| CVE-2006-3132 | 1 Qto | 1 Qtofilemanager | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php.
|
|||||
| CVE-2001-0256 | 1 Fastream | 1 Ftp\+\+ Server | 2025-04-03 | 7.5 HIGH | N/A |
|
FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long username.
|
|||||
| CVE-2001-0964 | 1 Valve Software | 1 Half-life | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command.
|
|||||
| CVE-2005-1788 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter.
|
|||||
| CVE-2003-0477 | 1 Wzdftpd | 1 Wzdftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument.
|
|||||
| CVE-2004-0461 | 5 Infoblox, Isc, Mandrakesoft and 2 more | 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more | 2025-04-03 | 10.0 HIGH | N/A |
|
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.
|
|||||
| CVE-2005-1103 | 1 Sygate Technologies | 1 Security Agent | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA.
|
|||||
| CVE-2006-1402 | 1 Csdoom | 1 Csdoom | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to (1) cause a denial of service via a long nickname or teamname to the SV_SetupUserInfo function or (2) execute arbitrary code via a long string sent when joining a match or a long chat message to the SV_BroadcastPrintf function.
|
|||||
| CVE-2003-0205 | 1 Gkrellm Newsticker | 1 Gkrellm Newsticker | 2025-04-03 | 7.5 HIGH | N/A |
|
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI.
|
|||||
| CVE-2006-3881 | 1 Musicbox | 1 Musicbox | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI. NOTE: the id parameter in index.php, and the type and show parameters in a top action, are already covered by CVE-2006-1349; and the term parameter in a search action is already covered by CVE-2006-1806.
|
|||||
| CVE-2004-2203 | 1 Ansel | 1 Ansel | 2025-04-03 | 7.5 HIGH | N/A |
|
Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories.
|
|||||
| CVE-1999-0490 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.
|
|||||
| CVE-2005-1250 | 1 Ipswitch | 1 Whatsup | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).
|
|||||
| CVE-2004-1261 | 1 Asp2php | 1 Asp2php | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the preparse function in asp2php 0.76.23 allow remote attackers to execute arbitrary code via crafted ASP scripts.
|
|||||
| CVE-2006-2326 | 1 Onlyscript.info | 1 Online Universal Payment System Script | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to read arbitrary files via directory traversal sequences in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2005-0665 | 1 John Bradley | 1 Xv | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename.
|
|||||
| CVE-2004-0905 | 5 Conectiva, Mozilla, Netscape and 2 more | 10 Linux, Firefox, Mozilla and 7 more | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
|
|||||
| CVE-2004-1596 | 1 3com | 1 3cradsl72 | 2025-04-03 | 7.5 HIGH | N/A |
|
The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm.
|
|||||
| CVE-2002-1416 | 1 Webeasymail | 1 Webeasymail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks.
|
|||||
| CVE-2002-1520 | 2 Rapidstream, Watchguard | 2 Rapidstream, Firebox | 2025-04-03 | 10.0 HIGH | N/A |
|
The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges.
|
|||||
| CVE-2002-2028 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
|
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
|
|||||
| CVE-2005-3236 | 1 Cynox | 1 Cyphor | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php.
|
|||||