Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0109 | 1 Microsoft | 2 Windows 2000, Windows 2000 Terminal Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
|
|||||
| CVE-2000-1187 | 1 Netscape | 2 Communicator, Navigator | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
|
|||||
| CVE-2006-3239 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter.
|
|||||
| CVE-2001-1359 | 1 Caldera | 1 Volution | 2025-04-03 | 10.0 HIGH | N/A |
|
Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server.
|
|||||
| CVE-2006-1805 | 1 Powerscripts | 1 Powerclan | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter.
|
|||||
| CVE-2000-0761 | 1 Ibm | 1 Os2 Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username.
|
|||||
| CVE-2001-0238 | 1 Microsoft | 6 Windows 2000, Windows 95, Windows 98 and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
|
|||||
| CVE-2005-4596 | 1 Ades Design | 1 Adesguestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter.
|
|||||
| CVE-2005-0976 | 3 Apple, Hmdt, Omnigroup | 3 Safari, Shiira, Omniweb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs.
|
|||||
| CVE-2004-0393 | 1 Rlpr | 1 Rlpr | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function.
|
|||||
| CVE-2002-1957 | 1 Pen | 1 Pen | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and 0.9.2 allows remote attackers to execute arbitrary commands via malformed log messages.
|
|||||
| CVE-2006-2725 | 1 Epic Designs | 1 Eggblog | 2025-04-03 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2004-1572 | 1 Aj-fork | 1 Aj-fork | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request.
|
|||||
| CVE-2004-0646 | 1 Macromedia | 2 Coldfusion, Jrun | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
|
|||||
| CVE-2006-3338 | 1 Atlassian | 1 Jira | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page.
|
|||||
| CVE-1999-0854 | 1 Infopop | 1 Ultimate Bulletin Board | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.
|
|||||
| CVE-2003-0847 | 1 Suse | 1 Suse Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file.
|
|||||
| CVE-2000-0638 | 1 Sean Macguire | 1 Big Brother | 2025-04-03 | 10.0 HIGH | N/A |
|
bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.
|
|||||
| CVE-2004-2254 | 1 Netwin | 1 Surgeldap | 2025-04-03 | 7.5 HIGH | N/A |
|
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
|
|||||
| CVE-2006-2563 | 1 Php | 1 Php | 2025-04-03 | 2.1 LOW | N/A |
|
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
|
|||||
| CVE-2006-3180 | 1 Swsoft | 1 Confixx | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
|
|||||
| CVE-2005-1979 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.
|
|||||
| CVE-1999-1122 | 1 Sun | 1 Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.
|
|||||
| CVE-2006-3390 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables.
|
|||||
| CVE-2006-0628 | 1 Dale Ray | 1 Myquiz | 2025-04-03 | 7.5 HIGH | N/A |
|
myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable.
|
|||||
| CVE-2000-0545 | 1 Sgi | 1 Mailx | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter.
|
|||||
| CVE-2006-0679 | 1 Francisco Burzi | 1 Php-nuke Ev | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field).
|
|||||
| CVE-2005-2759 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
|
** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in DiskMountNotify. Use CVE-2005-3270 for the DiskMountNotify issue, and CVE-2005-2759 for the LiveUpdate issue.
|
|||||
| CVE-2005-0135 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash).
|
|||||
| CVE-2006-3575 | 1 Mcafee | 1 Virusscan | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) "Process name", (2) "Module name", or (3) "API name" fields.
|
|||||
| CVE-2002-1768 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985.
|
|||||
| CVE-2002-1287 | 1 Microsoft | 1 Java Virtual Machine | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.
|
|||||
| CVE-2006-4506 | 1 Netiq | 1 Identity Manager | 2025-04-03 | 3.6 LOW | N/A |
|
idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection.
|
|||||
| CVE-2006-1570 | 1 Esqlanelapse | 1 Esqlanelapse | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
|
|||||
| CVE-2006-4604 | 1 Lanifex | 1 Lanifex | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter.
|
|||||
| CVE-2001-0032 | 1 Eric Rescorla | 1 Ssldump | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL.
|
|||||
| CVE-2001-0875 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
|
|||||
| CVE-2004-2352 | 1 Martin Bauer | 1 Gbook | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke.
|
|||||
| CVE-2005-0289 | 1 Apple | 2 Airport Express, Airport Extreme | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs.
|
|||||
| CVE-2006-4438 | 1 Doctor Web Ltd | 1 Dr.web | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.
|
|||||