Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1030 | 6 Caldera, Immunix, Mandrakesoft and 3 more | 8 Openlinux Server, Immunix, Mandrake Linux and 5 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
|
|||||
| CVE-2006-4003 | 1 Hobbit Monitor | 1 Hobbit Monitor | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp.
|
|||||
| CVE-2004-0271 | 1 Maxwebportal | 1 Maxwebportal | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.
|
|||||
| CVE-2005-2627 | 1 Kismet | 1 Kismet | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows.
|
|||||
| CVE-2002-1256 | 1 Microsoft | 3 Windows 2000, Windows 2000 Terminal Services, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
|
|||||
| CVE-2005-4094 | 1 Docebolms | 1 Docebolms | 2025-04-03 | 7.5 HIGH | N/A |
|
connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script.
|
|||||
| CVE-2004-0433 | 2 Mplayer, Xine | 2 Mplayer, Xine-lib | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
|
|||||
| CVE-2005-1045 | 1 Centrinity | 1 Centrinity Firstclass Desktop Client | 2025-04-03 | 7.5 HIGH | N/A |
|
OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark.
|
|||||
| CVE-1999-1524 | 1 Flowpoint | 1 Flowpoint Dsl Router | 2025-04-03 | 5.0 MEDIUM | N/A |
|
FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote attacker to exploit a password recovery feature from the network and conduct brute force password guessing, instead of limiting the feature to the serial console port.
|
|||||
| CVE-2006-1243 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
|
|||||
| CVE-2005-0083 | 1 Mysql | 1 Maxdb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference.
|
|||||
| CVE-1999-1370 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.2 HIGH | N/A |
|
The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs.
|
|||||
| CVE-2005-1528 | 1 Qnx | 1 Rtos | 2025-04-03 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library.
|
|||||
| CVE-2006-2702 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
|
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].
|
|||||
| CVE-2002-1196 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.
|
|||||
| CVE-2005-2128 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 5.0 MEDIUM | N/A |
|
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
|
|||||
| CVE-2006-0907 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter.
|
|||||
| CVE-2005-0621 | 1 Enlight Software | 1 Scrapland | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a "newpos" value that is less than or equal to a size value, or (4) partial packets.
|
|||||
| CVE-2006-4423 | 1 Bigace | 1 Bigace | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php.
|
|||||
| CVE-2003-1462 | 1 Mod Survey | 1 Mod Survey | 2025-04-03 | 5.0 MEDIUM | N/A |
|
mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey exists before creating a subdirectory for it, which allows remote attackers to cause a denial of service (disk consumption and possible crash).
|
|||||
| CVE-2000-0033 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments.
|
|||||
| CVE-2004-2535 | 1 Matthew Phillips | 1 Sticker | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key.
|
|||||
| CVE-2005-0404 | 2 Kde, Kmail | 2 Kde, Kmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.
|
|||||
| CVE-2005-2710 | 1 Realnetworks | 2 Helix Player, Realplayer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.
|
|||||
| CVE-2006-1478 | 1 Turnkey Web Tools | 1 Php Live Helper | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php.
|
|||||
| CVE-2005-0323 | 1 Captaris | 1 Infinite Mobile Delivery Webmail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL.
|
|||||
| CVE-2003-0239 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.0 MEDIUM | N/A |
|
icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.
|
|||||
| CVE-2006-2722 | 1 Out Of The Trees Web Design | 1 Selectapix | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources.
|
|||||
| CVE-2006-1510 | 1 Microsoft | 1 .net Framework | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method.
|
|||||
| CVE-2005-1247 | 1 Novell | 1 Nsure Audit | 2025-04-03 | 5.0 MEDIUM | N/A |
|
webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability.
|
|||||
| CVE-2004-1425 | 1 Moodle | 1 Moodle | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2006-3563 | 1 Winged Gallery | 1 Winged Gallery | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in gallery/thumb.php in Winged Gallery 1.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
|
|||||
| CVE-2005-0158 | 1 Bidwatcher | 1 Bidwatcher | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in bidwatcher before 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via certain responses.
|
|||||
| CVE-2000-0924 | 1 Armada Design | 1 Master Index | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter.
|
|||||
| CVE-2005-2873 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872.
|
|||||
| CVE-2004-1973 | 1 Digi | 1 Www Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \ (backslash) characters.
|
|||||
| CVE-2002-2038 | 1 Bill Abt | 1 Next Generation Posix Threading | 2025-04-03 | 3.6 LOW | N/A |
|
Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods.
|
|||||
| CVE-2005-1695 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php.
|
|||||
| CVE-1999-0312 | 1 Hp | 1 Hp-ux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
HP ypbind allows attackers with root privileges to modify NIS data.
|
|||||
| CVE-2000-0856 | 1 Xs4all Data | 1 Xs4all Data Sunftp | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request.
|
|||||