Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-3105 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections. |
| CVE-2002-2116 | 1 Netgear | 2 Rm356, Rt338 | 2025-04-03 | 5.0 MEDIUM | N/A | Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap. |
| CVE-2005-1262 | 1 Rob Flynn | 1 Gaim | 2025-04-03 | 5.0 MEDIUM | N/A | Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message. |
| CVE-1999-1400 | 1 The Economist | 1 The Economist 1999 Screen Saver | 2025-04-03 | 2.1 LOW | N/A | The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked. |
| CVE-2001-0578 | 1 Sco | 1 Openserver | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command. |
| CVE-2005-1548 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter. |
| CVE-2000-1112 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 4.6 MEDIUM | N/A | Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability. |
| CVE-2002-1014 | 1 Realnetworks | 3 Realjukebox 2, Realjukebox 2 Plus, Realone Player | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image. |
| CVE-2004-1626 | 1 Code-crafters | 1 Ability Server | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command. |
| CVE-2004-1968 | 1 Openbb | 1 Openbb | 2025-04-03 | 5.0 MEDIUM | N/A | The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to read arbitrary messages by modifying the id parameter. |
| CVE-2005-4404 | 1 Media2 Cms | 1 Media2 Cms Shop | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x allows remote attackers to execute arbitrary SQL commands via the item parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. |
| CVE-2002-1457 | 1 Leszek Krupinski | 1 L-forum | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter. |
| CVE-2003-1330 | 2 Clearswift Limited, Microsoft | 2 Mailsweeper, All Windows | 2025-04-03 | 5.0 MEDIUM | N/A | Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove. |
| CVE-2000-1163 | 1 Aladdin Enterprises | 1 Ghostscript | 2025-04-03 | 4.6 MEDIUM | N/A | ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript. |
| CVE-2006-3920 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A | The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm. |
| CVE-2002-0252 | 1 Apple | 1 Quicktime | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header. |
| CVE-2000-0854 | 1 Microsoft | 1 Office | 2025-04-03 | 10.0 HIGH | N/A | When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document. |
| CVE-2006-0176 | 1 Xmame | 1 Xmame | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux. |
| CVE-2004-1436 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 7.5 HIGH | N/A | The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters. |
| CVE-2005-4008 | 1 Jax Calendar | 1 Jax Calendar | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters. |
| CVE-2000-0492 | 1 Passwd | 1 Passwd | 2025-04-03 | 5.0 MEDIUM | N/A | PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easily decrypt the passwords. |
| CVE-2001-1544 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. |
| CVE-2004-1107 | 1 Gentoo | 1 Linux | 2025-04-03 | 2.1 LOW | N/A | dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2002-1603 | 1 Goahead Software | 1 Goahead Webserver | 2025-04-03 | 5.0 MEDIUM | N/A | GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed. |
| CVE-2006-2862 | 1 Particle Soft | 1 Particle Gallery | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter. |
| CVE-1999-0669 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.0 MEDIUM | N/A | The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. |
| CVE-2002-1375 | 2 Oracle, Symantec Veritas | 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager | 2025-04-03 | 7.5 HIGH | N/A | The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response. |
| CVE-2006-2523 | 1 Smartisoft | 1 Phplistpro | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie. |
| CVE-1999-0061 | 4 Bsdi, Freebsd, Linux and 1 more | 4 Bsd Os, Freebsd, Linux Kernel and 1 more | 2025-04-03 | 5.1 MEDIUM | N/A | File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). |
| CVE-2005-3237 | 1 Cynox | 1 Cyphor | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote attackers to inject arbitrary web script or HTML via the t_login parameter of footer.php. |
| CVE-2005-1908 | 1 Perception | 1 Liteweb | 2025-04-03 | 7.5 HIGH | N/A | Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \ (backslash) in the URL. |
| CVE-2006-2158 | 1 Stadtaus | 1 Guestbook Script | 2025-04-03 | 6.4 MEDIUM | N/A | Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter. |
| CVE-2006-0254 | 1 Apache | 1 Geronimo | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. |
| CVE-2006-4050 | 1 David Walker | 1 Phpautomembersarea | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. |
| CVE-2005-0926 | 1 Sylpheed | 1 Sylpheed | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names. |
| CVE-2006-0821 | 1 Bxcp | 1 Bxcp | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter. |
| CVE-1999-0146 | 1 Ncsa | 2 Campas, Servers | 2025-04-03 | 7.5 HIGH | N/A | The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file. |
| CVE-2002-0143 | 2 Enlightenment, Michael Jennings | 2 Imlib, Eterm | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable. |
| CVE-2006-4141 | 1 Vwar | 1 Virtual War | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters. |
| CVE-2006-2209 | 1 Php Arena | 1 Pacheckbook | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |