Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0209 | 1 Nortel | 1 Alteon Acedirector | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.
|
|||||
| CVE-2001-0797 | 5 Hp, Ibm, Sco and 2 more | 6 Hp-ux, Aix, Openserver and 3 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
|
|||||
| CVE-2001-1293 | 1 3com | 1 3cr29223 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request.
|
|||||
| CVE-2006-4022 | 1 Intel | 1 2100 Proset Wireless | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992.
|
|||||
| CVE-2004-1883 | 1 Progress | 1 Ws Ftp Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred.
|
|||||
| CVE-2005-1902 | 1 E-post Corporation | 1 Spa-pro Mail Atsolomon | 2025-04-03 | 3.6 LOW | N/A |
|
Directory traversal vulnerability in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to read other users' mail and perform operations on arbitrary directories via .. sequences in the (1) SELECT, (2) CREATE, (3) DELETE, and (4) RENAME commands.
|
|||||
| CVE-2005-4057 | 1 Jonathan Beckett | 1 Pluggedout Nexus | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Location, (2) Last Name, and (3) First Name parameters.
|
|||||
| CVE-1999-1506 | 1 Sun | 1 Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin.
|
|||||
| CVE-2006-1076 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter.
|
|||||
| CVE-2002-1667 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
|
The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags.
|
|||||
| CVE-2006-2494 | 1 Lacaveprods | 1 Intellitamper | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file.
|
|||||
| CVE-1999-0608 | 1 Pdgsoft | 1 Pdg Shopping Cart | 2025-04-03 | 5.0 MEDIUM | N/A |
|
An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.
|
|||||
| CVE-2006-1397 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form.
|
|||||
| CVE-1999-1194 | 1 Digital | 1 Ultrix | 2025-04-03 | 7.2 HIGH | N/A |
|
chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.
|
|||||
| CVE-2000-0373 | 1 Kde | 1 Kvt | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.
|
|||||
| CVE-1999-0204 | 1 Eric Allman | 1 Sendmail | 2025-04-03 | 10.0 HIGH | N/A |
|
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
|
|||||
| CVE-2005-2207 | 1 Elemental Software | 1 Cartwiz | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
|||||
| CVE-2004-1539 | 1 Gearbox Software | 1 Halo Combat Evolved | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference.
|
|||||
| CVE-2005-0345 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 5.0 MEDIUM | N/A |
|
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter.
|
|||||
| CVE-2004-2647 | 1 Reid Garner | 1 Free Web Chat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user.
|
|||||
| CVE-2002-1381 | 1 University Of Cambridge | 1 Exim | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
|
|||||
| CVE-2002-1043 | 1 Ultrafunk | 1 Popcorn | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject ("\t\t").
|
|||||
| CVE-2005-3068 | 1 Eric Integrated Development Environment | 1 Eric Integrated Development Environment | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Eric Integrated Development Environment (eric3) before 3.7.2 has unknown impact and attack vectors related to a "potential security exploit."
|
|||||
| CVE-2005-2529 | 1 Sun | 1 Java | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives."
|
|||||
| CVE-2006-0868 | 1 Pear | 1 Xml Rpc | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."
|
|||||
| CVE-2004-0376 | 1 Oftpd | 1 Oftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
oftpd 0.3.6 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command with a large value.
|
|||||
| CVE-2006-1555 | 1 Tachyon | 1 Vsns Lemon | 2025-04-03 | 7.5 HIGH | N/A |
|
VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic.
|
|||||
| CVE-2003-0733 | 1 Bea | 3 Liquid Data, Weblogic Integration, Weblogic Server | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
|
|||||
| CVE-2002-0937 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
|
|||||
| CVE-2005-0339 | 1 Foxmail | 1 Foxmail Email Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Foxmail 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long MAIL FROM command.
|
|||||
| CVE-2005-0335 | 1 Emotion | 1 Mediapartner Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
|
|||||
| CVE-2006-3577 | 1 Lifetype | 1 Lifetype | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op.
|
|||||
| CVE-2002-2057 | 1 Teekai | 1 Teekai Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
|
|||||
| CVE-2005-0804 | 1 Mailenable | 1 Mailenable Standard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in MailEnable 1.8 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the mailto field.
|
|||||
| CVE-2005-0183 | 1 Squirrelmail | 1 Vacation Plugin | 2025-04-03 | 7.2 HIGH | N/A |
|
ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument.
|
|||||
| CVE-2005-1798 | 1 Serverscheck | 1 Monitoring Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
|
|||||
| CVE-2002-0369 | 1 Microsoft | 1 .net Framework | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.
|
|||||
| CVE-2000-1082 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
|
|||||
| CVE-2005-4796 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 3.6 LOW | N/A |
|
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.
|
|||||
| CVE-2006-2855 | 1 Xuebook | 1 Xuebook | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in xueBook 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter.
|
|||||