Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4658 | 1 Panda | 1 Panda Platinum Internet Security | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns.
|
|||||
| CVE-2005-0978 | 1 Ivt | 1 Bluesoleil | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. (dot dot) in a PUSH command.
|
|||||
| CVE-2004-0422 | 1 Gnu | 1 Flim | 2025-04-03 | 2.1 LOW | N/A |
|
flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack.
|
|||||
| CVE-2002-1030 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.6 LOW | N/A |
|
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
|
|||||
| CVE-2005-0991 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A |
|
RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files.
|
|||||
| CVE-2005-1797 | 1 Openssl | 1 Openssl | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.
|
|||||
| CVE-2005-3301 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
|
|||||
| CVE-1999-1172 | 1 Maximizer | 1 Maximizer Enterprise | 2025-04-03 | 5.0 MEDIUM | N/A |
|
By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared.
|
|||||
| CVE-2006-3051 | 1 Six Offene Systeme Gmbh | 1 Sixcms | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter.
|
|||||
| CVE-2005-1772 | 1 Atari | 1 Terminator 3 War Of The Machines | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the client cd-key hash in Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a long client cd-key hash value, a different vulnerability than CVE-2005-1556.
|
|||||
| CVE-2006-3793 | 1 Sitedepth | 1 Sitedepth Cms | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in constants.php in SiteDepth CMS 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SD_DIR parameter.
|
|||||
| CVE-2003-0315 | 1 Snowblind.net | 1 Snowblind Web Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP request, which may trigger a buffer overflow.
|
|||||
| CVE-2005-1578 | 1 Guidance Software | 1 Encase | 2025-04-03 | 2.1 LOW | N/A |
|
EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection.
|
|||||
| CVE-2002-1537 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 10.0 HIGH | N/A |
|
admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u".
|
|||||
| CVE-2000-1201 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
|
|||||
| CVE-2006-1188 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
|
|||||
| CVE-2005-2188 | 1 Mcafee | 1 Intrushield Security Management System | 2025-04-03 | 7.5 HIGH | N/A |
|
McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack.
|
|||||
| CVE-2004-2528 | 1 Webcam Corp | 1 Webcam Watchdog | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter.
|
|||||
| CVE-2006-3003 | 1 Easy Ad-manager | 1 Easy Ad-manager | 2025-04-03 | 4.3 MEDIUM | N/A |
|
details.php in Easy Ad-Manager allows remote attackers to obtain the full installation path via an invalid mbid parameter, which leaks the path in an error message. NOTE: this might be resultant from another vulnerability, since this vector also produces cross-site scripting (XSS). NOTE: on 20060829, the vendor notified CVE that this issue has been fixed.
|
|||||
| CVE-2001-1500 | 1 Proftpd Project | 1 Proftpd | 2025-04-03 | 7.5 HIGH | N/A |
|
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
|
|||||
| CVE-2000-0472 | 1 Isc | 1 Inn | 2025-04-03 | 3.6 LOW | N/A |
|
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.
|
|||||
| CVE-2005-1489 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html.
|
|||||
| CVE-2006-0634 | 1 Borland Software | 1 C\+\+ Builder | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.
|
|||||
| CVE-2005-2894 | 1 Pblang | 1 Pblang | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field.
|
|||||
| CVE-2003-0861 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A |
|
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
|
|||||
| CVE-1999-0231 | 1 Seattle Lab Software | 1 Slmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 packages using a long VRFY command, causing a denial of service and possibly remote access.
|
|||||
| CVE-2005-4005 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.
|
|||||
| CVE-2005-2592 | 1 Parlano | 1 Mindalign | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to bypass authentication via unknown vectors.
|
|||||
| CVE-2000-0841 | 1 Davide Libenzi | 1 Xmail | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long APOP command.
|
|||||
| CVE-2005-0983 | 4 Activision, Id Software, Lucasarts and 1 more | 10 Call Of Duty, Call Of Duty United Offensive, Return To Castle Wolfenstein and 7 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.
|
|||||
| CVE-2002-1023 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.
|
|||||
| CVE-2006-0045 | 1 Linley Henzell | 1 Dungeon Crawl | 2025-04-03 | 7.2 HIGH | N/A |
|
crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges.
|
|||||
| CVE-2004-2677 | 1 Qwikmail | 1 Qwikmail Smtp | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.
|
|||||
| CVE-2001-1472 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.6 MEDIUM | N/A |
|
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
|
|||||
| CVE-2005-0084 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 allows remote attackers to execute arbitrary code via a crafted packet.
|
|||||
| CVE-2005-3520 | 1 Mysource | 1 Mysource | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php.
|
|||||
| CVE-2005-0475 | 1 Php Arena | 1 Pafaq | 2025-04-03 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.
|
|||||
| CVE-2003-0257 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.
|
|||||
| CVE-2004-0456 | 3 Debian, Gentoo, Pavuk | 3 Debian Linux, Linux, Pavuk | 2025-04-03 | 7.6 HIGH | N/A |
|
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
|
|||||
| CVE-2005-2120 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
|
|||||