Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0593 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | N/A |
|
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
|
|||||
| CVE-2002-2020 | 1 Netgear | 1 Rp114 | 2025-04-03 | 7.5 HIGH | N/A |
|
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed.
|
|||||
| CVE-2005-2577 | 1 Wyse | 1 Winterm | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote attackers to cause a denial of service (device crash) via a packet with a zero in the IP option length field.
|
|||||
| CVE-2000-0167 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 2.1 LOW | N/A |
|
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
|
|||||
| CVE-2006-4198 | 1 Wheatblog | 1 Wheatblog | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wb_class_dir parameter.
|
|||||
| CVE-2004-1230 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache directory of other users via a DCC connection and a CTCP packet that contains a 1 as the type and a 4 as the subtype.
|
|||||
| CVE-2006-1782 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch.
|
|||||
| CVE-2005-3532 | 1 Double Precision Incorporated | 1 Courier Mail Server | 2025-04-03 | 7.5 HIGH | N/A |
|
authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
|
|||||
| CVE-2005-4087 | 1 Sugarcrm | 1 Sugar Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter.
|
|||||
| CVE-2001-0175 | 1 Netscape | 1 Fasttrack Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs.
|
|||||
| CVE-1999-0107 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
|
|||||
| CVE-2006-2230 | 1 Xine | 1 Xine | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
|
|||||
| CVE-2000-1213 | 3 Immunix, Iputils, Redhat | 3 Immunix, Iputils, Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.
|
|||||
| CVE-2003-0146 | 1 Netpbm | 1 Netpbm | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.
|
|||||
| CVE-2002-0882 | 1 Cisco | 2 Skinny Client Control Protocol Software, Voip Phone Cp-7940 | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script.
|
|||||
| CVE-2006-2254 | 1 Intervations | 1 Filecopa | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters.
|
|||||
| CVE-2005-2485 | 1 Logicampus | 1 Logicampus | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2006-3509 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.
|
|||||
| CVE-1999-1042 | 1 Cisco | 1 Resource Manager | 2025-04-03 | 1.2 LOW | N/A |
|
Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information such as user IDs, passwords and SNMP community strings to local users.
|
|||||
| CVE-2005-2669 | 2 Broadcom, Ca | 28 Advantage Data Transport, Adviseit, Brightstor Portal and 25 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.
|
|||||
| CVE-2006-1236 | 1 Crossfire | 1 Crossfire | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010.
|
|||||
| CVE-2001-1241 | 1 Steve Grimm | 1 Un-cgi | 2025-04-03 | 7.5 HIGH | N/A |
|
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
|
|||||
| CVE-2006-3140 | 1 Openci | 1 Openci | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2001-0467 | 1 Robtex | 1 Viking Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request.
|
|||||
| CVE-2005-4259 | 1 Aspbb | 1 Aspbb | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) TID parameter in topic.asp, (2) FORUM_ID parameter in forum.asp, and (3) PROFILE_ID parameter in profile.asp. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
|
|||||
| CVE-2000-0874 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF).
|
|||||
| CVE-2005-1556 | 1 Gamespy | 1 Gamespy Sdk Cd-key Validation Toolkit | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Gamespy cd-key validation system allows remote attackers to cause a denial of service (cd-key already in use) by capturing and replaying a cd-key authorization session.
|
|||||
| CVE-1999-0277 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
The WorkMan program can be used to overwrite any file to get root access.
|
|||||
| CVE-2005-3622 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.
|
|||||
| CVE-2000-0323 | 1 Microsoft | 1 Jet | 2025-04-03 | 7.6 HIGH | N/A |
|
The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.
|
|||||
| CVE-1999-0868 | 5 Isc, Nec, Netscape and 2 more | 6 Inn, Goah Intrasv, Goah Networksv and 3 more | 2025-04-03 | 7.2 HIGH | N/A |
|
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
|
|||||
| CVE-2001-0697 | 1 Netwin | 1 Surgeftp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
|
|||||
| CVE-2001-1173 | 1 Masqmail | 1 Masqmail | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases.
|
|||||
| CVE-2001-0643 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.
|
|||||
| CVE-2000-0420 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.2 HIGH | N/A |
|
The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker to recover it and use it to decrypt Encrypted File System (EFS) data.
|
|||||
| CVE-2002-0763 | 1 Hp | 1 Virtualvault | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server.
|
|||||
| CVE-2005-3730 | 1 Revize Cms | 1 Revize Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp.
|
|||||
| CVE-1999-1271 | 1 Macromedia | 1 Dreamweaver | 2025-04-03 | 2.1 LOW | N/A |
|
Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.
|
|||||
| CVE-2005-1317 | 1 Horde | 1 Chora | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
|
|||||
| CVE-2000-0101 | 1 Make-a-store | 1 Orderpage | 2025-04-03 | 7.5 HIGH | N/A |
|
The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
|
|||||