Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2000-0965 | 1 Hp | 1 Vvos | 2025-04-03 | 5.0 MEDIUM | N/A | The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allows an attacker to cause a denial of service (high CPU utilization). |
| CVE-1999-1361 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 6.4 MEDIUM | N/A | Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages. |
| CVE-2005-3894 | 1 Otrs | 1 Otrs | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters. |
| CVE-2004-0904 | 4 Conectiva, Mozilla, Netscape and 1 more | 10 Linux, Firefox, Mozilla and 7 more | 2025-04-03 | 10.0 HIGH | N/A | Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. |
| CVE-2001-0059 | 1 Sun | 1 Sunos | 2025-04-03 | 6.2 MEDIUM | N/A | patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-1999-1288 | 4 Caldera, Redhat, Samba and 1 more | 4 Openlinux, Linux, Samba and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A | Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program. |
| CVE-2002-0885 | 2 Caldera, Sun | 3 Openunix, Unixware, Sunos | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error. |
| CVE-2005-0791 | 1 Phpadsnew | 1 Phpadsnew | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter. |
| CVE-2002-0021 | 1 Microsoft | 1 Office | 2025-04-03 | 5.0 MEDIUM | N/A | Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement. |
| CVE-2005-2458 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A | inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables". |
| CVE-2004-1279 | 1 Jpegtoavi | 1 Jpegtoavi | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to execute arbitrary code via a crafted set of JPEG files and filenames. |
| CVE-2006-2240 | 1 Fujitsu | 4 Netshelter Fw, Netshelter Fw-l, Netshelter Fw-m and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite. |
| CVE-2005-0795 | 1 Hola | 1 Holacms | 2025-04-03 | 5.0 MEDIUM | N/A | HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter. |
| CVE-2005-1004 | 1 Profitcode | 1 Payprocart | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCode PayProCart 3.0 allows remote attackers to inject arbitrary web script or HTML via the sgnuptype parameter. |
| CVE-2006-2539 | 1 Sybase | 1 Easerver | 2025-04-03 | 3.5 LOW | N/A | Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component. |
| CVE-1999-1293 | 1 Apache | 1 Http Server | 2025-04-03 | 10.0 HIGH | N/A | mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core. |
| CVE-2004-0596 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference. |
| CVE-1999-1580 | 2 Sendmail, Sun | 2 Sendmail, Sunos | 2025-04-03 | 7.2 HIGH | N/A | SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option. |
| CVE-2005-2185 | 1 Emc | 1 Eroom | 2025-04-03 | 7.5 HIGH | N/A | eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks. |
| CVE-1999-0934 | | | 2025-04-03 | 5.0 MEDIUM | N/A | classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters. |
| CVE-2002-2204 | 1 Redhat | 1 Redhat Package Manager | 2025-04-03 | 7.5 HIGH | N/A | The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source. |
| CVE-2002-0389 | 1 Gnu | 1 Mailman | 2025-04-03 | 2.1 LOW | N/A | Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives. |
| CVE-2006-3192 | 1 Php Web Scripts | 1 Ad Manager Pro | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php. |
| CVE-2002-2080 | 1 Floosietek | 1 Ftgatepro | 2025-04-03 | 5.0 MEDIUM | N/A | Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session. |
| CVE-2005-2470 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. |
| CVE-2002-1289 | 1 Microsoft | 1 Java Virtual Machine | 2025-04-03 | 7.5 HIGH | N/A | The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters. |
| CVE-2006-2667 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 7.5 HIGH | N/A | Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. |
| CVE-2002-2022 | 1 Kaffe | 1 Kaffe Openvm | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attribute. |
| CVE-1999-0865 | 1 Stalker | 1 Communigate Pro | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. |
| CVE-2006-1551 | 1 Georges Auberger | 1 Pajax | 2025-04-03 | 7.5 HIGH | N/A | Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters. |
| CVE-2005-2269 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 7.5 HIGH | N/A | Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing"). |
| CVE-2005-2596 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 4.6 MEDIUM | N/A | User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries. |
| CVE-2002-1769 | 1 Microsoft | 2 Site Server, Site Server Commerce | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege. |
| CVE-2005-0936 | 1 Esmi | 1 Paypal Storefront | 2025-04-03 | 5.0 MEDIUM | N/A | Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2000-0741 | 1 Network Associates | 1 Net Tools Pki Server | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension. |
| CVE-2000-0801 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option. |
| CVE-2004-2164 | 1 Virtual Programming | 1 Vp-asp | 2025-04-03 | 5.0 MEDIUM | N/A | shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption). |
| CVE-2002-0994 | 1 Sun | 1 Sun Pci Ii Driver | 2025-04-03 | 7.5 HIGH | N/A | SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications. |
| CVE-2005-1165 | 1 Yager Development | 1 Yager Game | 2025-04-03 | 5.0 MEDIUM | N/A | Yager 5.24 and earlier allows remote attackers to cause a denial of service (application crash) via certain malformed data. |
| CVE-2002-0004 | 8 Caldera, Debian, Freebsd and 5 more | 9 Openlinux Server, Openlinux Workstation, Debian Linux and 6 more | 2025-04-03 | 7.2 HIGH | N/A | Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. |