Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4832 | 1 Oracle | 1 Oracle10g | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.
|
|||||
| CVE-2004-1631 | 1 Openwfe | 1 Work Flow Engine | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results.
|
|||||
| CVE-2000-0668 | 3 Conectiva, Michael K. Johnson, Redhat | 3 Linux, Pam Console, Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.
|
|||||
| CVE-2004-0760 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
|
|||||
| CVE-2006-1656 | 1 Vserver | 1 Util-vserver | 2025-04-03 | 7.2 HIGH | N/A |
|
vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.
|
|||||
| CVE-2001-1240 | 1 Engardelinux | 1 Secure Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
|
|||||
| CVE-2005-1773 | 1 Lsoft | 1 Listserv | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available.
|
|||||
| CVE-2004-0193 | 1 Iss | 11 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 8 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.
|
|||||
| CVE-2003-0086 | 1 Samba | 1 Samba | 2025-04-03 | 1.2 LOW | N/A |
|
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
|
|||||
| CVE-2005-0639 | 3 Altlinux, Suse, Xli | 3 Alt Linux, Suse Linux, Xli | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
|
|||||
| CVE-2006-0650 | 1 Cpaint | 1 Cpaint | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag.
|
|||||
| CVE-2004-0362 | 1 Iss | 11 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 8 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
|
|||||
| CVE-2004-1577 | 1 Greg Donald | 1 Phplinks | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message.
|
|||||
| CVE-2005-1328 | 1 Oneworldstore | 1 Oneworldstore | 2025-04-03 | 5.0 MEDIUM | N/A |
|
OneWorldStore allows remote attackers to cause a denial of service (application crash) via a direct request to owConnections/chksettings.asp.
|
|||||
| CVE-2005-4047 | 1 Iisworks | 1 Aspknowledgebase | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter.
|
|||||
| CVE-2005-2733 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | 7.5 HIGH | N/A |
|
upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.
|
|||||
| CVE-2005-2196 | 1 Apple | 1 Airport Card | 2025-04-03 | 2.1 LOW | N/A |
|
The Apple AirPort card uses a default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network.
|
|||||
| CVE-2002-1292 | 1 Microsoft | 1 Java Virtual Machine | 2025-04-03 | 7.5 HIGH | N/A |
|
The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.
|
|||||
| CVE-2001-1107 | 1 Snapstream | 1 Pvs | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD.ini, which could allow a remote attacker to gain privileges on the server.
|
|||||
| CVE-2001-0330 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed.
|
|||||
| CVE-2001-0389 | 1 Ibm | 2 Net.commerce, Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.
|
|||||
| CVE-2004-2110 | 1 Phorum | 1 Phorum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
|
|||||
| CVE-2006-2761 | 1 Hitachi | 1 Hitsenser3 | 2025-04-03 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
|
|||||
| CVE-2005-2755 | 1 Apple | 1 Quicktime | 2025-04-03 | 2.6 LOW | N/A |
|
Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.
|
|||||
| CVE-1999-0979 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
|
The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.
|
|||||
| CVE-2004-0313 | 1 Psoproxy | 1 Psoproxy Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name.
|
|||||
| CVE-2001-0704 | 1 Arcadia | 1 Arcadia Internet Store | 2025-04-03 | 7.5 HIGH | N/A |
|
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist.
|
|||||
| CVE-1999-1058 | 1 Arcane Software | 1 Vermillion Ftp Daemon | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via several long CWD commands.
|
|||||
| CVE-2001-0966 | 1 Nudester.org | 1 Nudester | 2025-04-03 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command.
|
|||||
| CVE-2006-1951 | 1 Solarwinds | 1 Tftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering.
|
|||||
| CVE-2004-0322 | 1 Xmb Forum | 1 Xmb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.
|
|||||
| CVE-2004-0202 | 1 Microsoft | 7 Directx, Windows 2000, Windows 2003 Server and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
|
|||||
| CVE-2006-1529 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
|
|||||
| CVE-2006-2277 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file.
|
|||||
| CVE-2001-1345 | 1 Jetico | 1 Bestcrypt | 2025-04-03 | 4.6 MEDIUM | N/A |
|
bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program.
|
|||||
| CVE-2005-0348 | 1 Realnetworks | 1 Realarcade | 2025-04-03 | 2.6 LOW | N/A |
|
Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. (dot dot) in the FILENAME tag.
|
|||||
| CVE-2004-2564 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp.
|
|||||
| CVE-2006-0072 | 1 Sco | 1 Openserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector.
|
|||||
| CVE-2005-2879 | 1 Advansysperu Software | 1 Usb Lock Auto-protect | 2025-04-03 | 2.1 LOW | N/A |
|
Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection.
|
|||||
| CVE-2003-1150 | 1 Novell | 2 Netware, Zenworks Desktops | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors.
|
|||||