Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2485 | 1 Quezza | 1 Quezza Bb | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter.
|
|||||
| CVE-1999-0250 | 1 Dan Bernstein | 1 Qmail | 2025-04-03 | 10.0 HIGH | N/A |
|
Denial of service in Qmail through long SMTP commands.
|
|||||
| CVE-2005-3062 | 1 Alstrasoft | 1 E-friends | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter.
|
|||||
| CVE-2005-0923 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2025-04-03 | 2.1 LOW | N/A |
|
The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share.
|
|||||
| CVE-1999-0272 | 1 Slmail | 1 Slmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in Slmail v2.5 through the POP3 port.
|
|||||
| CVE-2005-1980 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."
|
|||||
| CVE-1999-1036 | 1 Cops | 1 Cops | 2025-04-03 | 7.2 HIGH | N/A |
|
COPS 1.04 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files in (1) res_diff, (2) ca.src, and (3) mail.chk.
|
|||||
| CVE-2005-2409 | 1 Nbsmtp | 1 Nbsmtp | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call.
|
|||||
| CVE-2005-0924 | 1 Adventia | 1 E-data | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword.
|
|||||
| CVE-2004-0544 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.
|
|||||
| CVE-2001-1383 | 1 Redhat | 1 Linux | 2025-04-03 | 6.2 MEDIUM | N/A |
|
initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.
|
|||||
| CVE-2006-2100 | 1 Magic Iso Maker | 1 Magic Iso Maker | 2025-04-03 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
|
|||||
| CVE-2000-0471 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.
|
|||||
| CVE-2005-4648 | 1 Illustrate | 1 Dbpoweramp Music Converter | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. NOTE: this issue might be the same as the .m3u vulnerability in CVE-2004-1569, but if so, then CD:SF-LOC suggests creating a different identifier ...
Show More |
|||||
| CVE-2003-0323 | 1 Michael Sandrof | 1 Ircii | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions.
|
|||||
| CVE-2003-1051 | 1 Ibm | 1 Db2 | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
|
|||||
| CVE-2002-1932 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
|
|||||
| CVE-2004-1071 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-03 | 7.2 HIGH | N/A |
|
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.
|
|||||
| CVE-2005-1799 | 1 Freestyle | 2 Wiki, Wikilite | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and WikiLite (FSWikiLite) .10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2001-0187 | 1 Washington University | 1 Wu-ftpd | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
|
|||||
| CVE-2006-3591 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference.
|
|||||
| CVE-2001-1159 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 7.5 HIGH | N/A |
|
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.
|
|||||
| CVE-2000-0722 | 1 Helix Code | 1 Gnome Updater | 2025-04-03 | 6.2 MEDIUM | N/A |
|
Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.
|
|||||
| CVE-2002-0562 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
|
|||||
| CVE-2000-0562 | 1 Iss | 2 Blackice Agent, Blackice Defender | 2025-04-03 | 7.5 HIGH | N/A |
|
BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower.
|
|||||
| CVE-2005-2246 | 1 Iphotoalbum | 1 Iphotoalbum | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php.
|
|||||
| CVE-2004-2759 | 1 Sun | 4 Storedge Qfs, Storedge Sam-qfs, Storeedge Performance Suite and 1 more | 2025-04-03 | 2.1 LOW | N/A |
|
Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files.
|
|||||
| CVE-2005-2041 | 1 Hauri | 1 Virobot Linux Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE).
|
|||||
| CVE-2001-0303 | 1 Pi3 | 1 Pi3web | 2025-04-03 | 5.0 MEDIUM | N/A |
|
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file.
|
|||||
| CVE-2006-1184 | 1 Microsoft | 5 Distributed Transaction Coordinator, Windows 2000, Windows 2003 Server and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
|
|||||
| CVE-2003-0546 | 1 Redhat | 1 Up2date | 2025-04-03 | 7.5 HIGH | N/A |
|
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.
|
|||||
| CVE-2004-2616 | 1 Onnuri Infotek | 1 Activepost Standard | 2025-04-03 | 4.0 MEDIUM | N/A |
|
The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message.
|
|||||
| CVE-1999-0931 | 1 Mediahouse Software | 1 Statistics Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands.
|
|||||
| CVE-2004-1017 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors.
|
|||||
| CVE-2005-0187 | 1 Athoc | 1 Athoc Toolbar | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name.
|
|||||
| CVE-2000-0254 | 1 Craig Dansie | 1 Dansie Shopping Cart | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.
|
|||||
| CVE-2006-1893 | 1 Ar-blog | 1 Ar-blog | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||
| CVE-2002-2168 | 1 Thorsten Korner | 1 123tkshop | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including function_describe_item1.inc.php.
|
|||||
| CVE-2004-1734 | 1 Mantis | 1 Mantis | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.
|
|||||
| CVE-2003-0840 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.
|
|||||