Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-0818 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.5 HIGH | N/A | Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings. |
| CVE-2003-0360 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code. |
| CVE-2001-0745 | 1 Netscape | 1 Messanger | 2025-04-03 | 5.0 MEDIUM | N/A | Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property. |
| CVE-2002-1513 | 1 Compaq | 1 Tcp-ip Services | 2025-04-03 | 4.6 MEDIUM | N/A | The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges. |
| CVE-2004-1498 | 1 Webhost Automation | 1 Helm Control Panel | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter. |
| CVE-1999-0462 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.2 HIGH | N/A | suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk. |
| CVE-2005-4387 | 1 Contenite | 1 Contenite | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2000-0433 | 1 Suse | 1 Suse Linux | 2025-04-03 | 4.6 MEDIUM | N/A | The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles. |
| CVE-2002-1531 | 1 Surfcontrol | 1 Superscout Email Filter | 2025-04-03 | 5.0 MEDIUM | N/A | The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (crash) via an HTTP request without a Content-Length parameter. |
| CVE-2005-2202 | 1 Xerox | 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2000-0220 | 1 Zonelabs | 1 Zonealarm | 2025-04-03 | 5.0 MEDIUM | N/A | ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event. |
| CVE-2002-2042 | 1 Qnx | 1 Rtos | 2025-04-03 | 7.2 HIGH | N/A | ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes. |
| CVE-1999-1094 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." |
| CVE-2002-1307 | 1 Mhonarc | 1 Mhonarc | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name. |
| CVE-2006-3743 | 1 Imagemagick | 1 Imagemagick | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. |
| CVE-2002-2282 | 1 Mcafee | 1 Virusscan | 2025-04-03 | 6.9 MEDIUM | N/A | McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs. |
| CVE-2004-0311 | 1 Apc | 1 Ap9606 | 2025-04-03 | 10.0 HIGH | N/A | American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access. |
| CVE-2001-0837 | 1 Deltathree | 1 Pc-to-phone | 2025-04-03 | 2.1 LOW | N/A | DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder. |
| CVE-2002-0189 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability. |
| CVE-2001-1144 | 1 Mcafee | 1 Asap Virusscan | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request. |
| CVE-2001-0612 | 1 Mcafee | 1 Remote Desktop 32 | 2025-04-03 | 5.0 MEDIUM | N/A | McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045. |
| CVE-2004-2297 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A | The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter. |
| CVE-1999-1030 | 1 Behold Software | 1 Web Page Counter | 2025-04-03 | 5.0 MEDIUM | N/A | counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter log that produces an access violation. |
| CVE-2005-2410 | 1 Gnome | 1 Networkmanager | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call. |
| CVE-2002-0730 | 1 Philip Chinery | 1 Philip Chinerys Guestbook | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage. |
| CVE-1999-0840 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option. |
| CVE-2001-0228 | 1 Goahead Software | 1 Goahead Webserver | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. |
| CVE-2005-2392 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function. |
| CVE-2005-0972 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A | Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters. |
| CVE-2004-1091 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. |
| CVE-2006-1629 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2025-04-03 | 9.0 HIGH | N/A | OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. |
| CVE-2005-3754 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message. |
| CVE-2001-0180 | 1 Lars Ellingsen | 1 Guestserver | 2025-04-03 | 10.0 HIGH | N/A | Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter. |
| CVE-1999-0423 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A | Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges. |
| CVE-2002-0970 | 1 Kde | 2 Kde, Konqueror | 2025-04-03 | 7.5 HIGH | N/A | The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. |
| CVE-2001-1194 | 1 Zyxel | 2 Prestige 1600, Prestige 681 | 2025-04-03 | 5.0 MEDIUM | N/A | Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly. |
| CVE-2006-1872 | 1 Oracle | 1 Database Server | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07. |
| CVE-2000-0907 | 1 Etype | 1 Eserv | 2025-04-03 | 7.5 HIGH | N/A | EServ 2.92 Build 2982 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long HELO and MAIL FROM commands. |
| CVE-2006-4634 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441. |
| CVE-2001-0210 | 1 Carey Internet Service | 1 Commerce.cgi | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. |