Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3524 | 1 Sipfoundry | 1 Sipxtapi | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message.
|
|||||
| CVE-2005-4054 | 1 Pluggedout | 1 Pluggedout Blog | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter.
|
|||||
| CVE-2006-0330 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
|
|||||
| CVE-1999-0214 | 1 Sun | 1 Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
Denial of service by sending forged ICMP unreachable packets.
|
|||||
| CVE-2006-0445 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2025-04-03 | 4.0 MEDIUM | N/A |
|
index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.
|
|||||
| CVE-2005-0221 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field.
|
|||||
| CVE-2002-0993 | 1 Hp | 1 Instant Support | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files.
|
|||||
| CVE-2000-1020 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
|
|||||
| CVE-2000-1243 | 1 Dansie | 1 Shopping Cart | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Privacy leak in Dansie Shopping Cart 3.04, and probably earlier versions, sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
|
|||||
| CVE-2006-4554 | 1 Becubed | 1 Compression Plus | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power File, and (5) Canyon Power File Gold, allow context-dependent attackers to execute arbitrary code via an inconsistent size parameter in a ZOO file header.
|
|||||
| CVE-1999-1321 | 1 Mit | 1 Kerberos | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.
|
|||||
| CVE-2000-1206 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
|
|||||
| CVE-2000-0778 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
|
|||||
| CVE-2005-2765 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
|
The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the vendor disputes this issue, saying that since administrative privileges are already required, it is not a vulnerability. CVE has not yet formally decided if such "information hiding" issues should b ...
Show More |
|||||
| CVE-2005-2661 | 1 Up-imapproxy | 1 Up-imapproxy | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line.
|
|||||
| CVE-2003-0876 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.
|
|||||
| CVE-2005-2161 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags.
|
|||||
| CVE-2001-1010 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.
|
|||||
| CVE-2001-1425 | 1 Alcatel | 1 Speed Touch Home | 2025-04-03 | 7.5 HIGH | N/A |
|
The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.
|
|||||
| CVE-2001-0744 | 1 Horde | 1 Imp | 2025-04-03 | 2.1 LOW | N/A |
|
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.
|
|||||
| CVE-2003-0913 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."
|
|||||
| CVE-1999-0893 | 1 Sco | 1 Openserver | 2025-04-03 | 2.1 LOW | N/A |
|
userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.
|
|||||
| CVE-2005-1490 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | 2.1 LOW | N/A |
|
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html.
|
|||||
| CVE-2006-1661 | 1 Sk Soft | 1 Skforum | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.
|
|||||
| CVE-1999-0525 | 2025-04-03 | N/A | N/A | ||
|
IP traceroute is allowed from arbitrary hosts.
|
|||||
| CVE-2002-1508 | 1 Openldap | 1 Openldap | 2025-04-03 | 1.2 LOW | N/A |
|
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.
|
|||||
| CVE-2004-2409 | 1 Samhain Labs | 1 Samhain | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.
|
|||||
| CVE-2004-0265 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules.
|
|||||
| CVE-2005-0723 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php.
|
|||||
| CVE-2006-4131 | 1 Arcsoft | 1 Mms Composer | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers.
|
|||||
| CVE-2005-1285 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter.
|
|||||
| CVE-2005-2651 | 1 Phpoutsourcing | 1 Zorum | 2025-04-03 | 7.5 HIGH | N/A |
|
gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter.
|
|||||
| CVE-2006-1830 | 1 Sun | 1 Java Studio Enterprise | 2025-04-03 | 3.7 LOW | N/A |
|
Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors.
|
|||||
| CVE-2000-0543 | 1 Pgp | 1 Certificate Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows remote attackers to cause a denial of service if their hostname does not have a reverse DNS entry and they connect to port 4000.
|
|||||
| CVE-2003-1045 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
|
votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter.
|
|||||
| CVE-2006-2791 | 1 Net Art Media | 1 Iboutique.mall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in iBoutique.MALL and possibly iBoutique allows remote attackers to read arbitrary files via ".." sequences in the function parameter.
|
|||||
| CVE-1999-0514 | 2025-04-03 | 5.0 MEDIUM | N/A | ||
|
UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target.
|
|||||
| CVE-2002-1124 | 1 Purity | 1 Purity | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in purity 1-16 allow local users to gain privileges and modify high scores tables.
|
|||||
| CVE-2005-2522 | 1 Apple | 2 Mac Os X, Safari | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
|
|||||
| CVE-2005-1758 | 1 Novell | 1 Netmail | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code.
|
|||||