Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-2126 | 1 Iss | 1 Blackice Pc Protection | 2025-04-03 | 4.6 MEDIUM | N/A | The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers. |
| CVE-2005-1082 | 1 Azerbaijan Development Group | 1 Azdgdating | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php. |
| CVE-2002-1665 | 1 Yahoo | 1 Messenger | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field. |
| CVE-2006-0876 | 1 Popfile | 1 Popfile | 2025-04-03 | 5.0 MEDIUM | N/A | POPFile before 0.22.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving character sets within e-mail messages. |
| CVE-2005-0571 | 1 Punbb | 1 Punbb | 2025-04-03 | 5.0 MEDIUM | N/A | admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitrary files via the plugin parameter. |
| CVE-2005-1012 | 1 Iatek | 1 Siteenable | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows remote attackers to inject arbitrary web script or HTML via (1) the contenttype parameter to content.asp, (2) the title, or (3) the description. |
| CVE-2005-3244 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A | The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. |
| CVE-1999-0436 | 1 Hp | 2 Desms, Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A | Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges. |
| CVE-2004-1100 | 1 Tips | 1 Mailpost | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter. |
| CVE-2004-0382 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.2 HIGH | N/A | Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting. |
| CVE-2006-1075 | 1 Jason Boettcher | 1 Liero Xtreme | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in the visualization function in Jason Boettcher Liero Xtreme 0.62b and earlier allows remote attackers to execute arbitrary code via format string specifiers in (1) a nickname, (2) a dedicated server name, or (3) a mapname in a level (aka .lxl) file. |
| CVE-2002-0768 | 2 Luke Mewburn, Suse | 2 Lukemftp, Suse Linux | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command. |
| CVE-1999-0140 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service in RAS/PPTP on NT systems. |
| CVE-2003-0423 | 1 Apple | 1 Darwin Streaming Server | 2025-04-03 | 5.0 MEDIUM | N/A | parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter. |
| CVE-2005-2173 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A | The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. |
| CVE-2002-0008 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A | Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi. |
| CVE-2004-1953 | 1 Phprofession | 1 Phprofession | 2025-04-03 | 5.0 MEDIUM | N/A | phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message. |
| CVE-2006-2322 | 1 Cisco | 2 Application Velocity System 3110, Application Velocity System 3120 | 2025-04-03 | 6.4 MEDIUM | N/A | The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143. |
| CVE-2004-1088 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2025-04-03 | 7.5 HIGH | N/A | Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information. |
| CVE-2003-0914 | 9 Compaq, Freebsd, Hp and 6 more | 10 Tru64, Freebsd, Hp-ux and 7 more | 2025-04-03 | 4.3 MEDIUM | N/A | ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. |
| CVE-2006-4900 | 1 Broadcom | 1 Etrust Security Command Center | 2025-04-03 | 5.5 MEDIUM | N/A | Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function. |
| CVE-2004-0239 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 10.0 HIGH | N/A | SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable. |
| CVE-2000-0701 | 3 Conectiva, Gnu, Redhat | 3 Linux, Mailman, Linux | 2025-04-03 | 4.6 MEDIUM | N/A | The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges. |
| CVE-1999-0139 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access. |
| CVE-2000-0376 | 1 I-drive | 1 Filo | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request. |
| CVE-2006-2837 | 1 Techno Dreams | 1 Techno Dreams Guest Book | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book allows remote attackers to inject arbitrary web script or HTML via certain comment fields in the "Sign Our GuestBook" page, probably the x_Comments parameter to guestbookadd.asp. |
| CVE-2005-4153 | 1 Gnu | 1 Mailman | 2025-04-03 | 7.8 HIGH | N/A | Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. |
| CVE-1999-1128 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A | Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user. |
| CVE-2000-0306 | 1 Sco | 1 Openserver | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message. |
| CVE-2002-1188 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 6.4 MEDIUM | N/A | Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading." |
| CVE-2002-1630 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A | The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails. |
| CVE-2000-0336 | 4 Mandrakesoft, Openldap, Redhat and 1 more | 4 Mandrake Linux, Openldap, Linux and 1 more | 2025-04-03 | 2.1 LOW | N/A | Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. |
| CVE-2002-1269 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A | Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem. |
| CVE-2005-2205 | 1 Pngren | 1 Pngren | 2025-04-03 | 7.5 HIGH | N/A | The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. |
| CVE-2006-4943 | 1 Moodle | 1 Moodle | 2025-04-03 | 5.0 MEDIUM | N/A | course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter. |
| CVE-1999-1563 | 1 Nachuatec | 2 D435, D445 | 2025-04-03 | 5.0 MEDIUM | N/A | Nachuatec D435 and D445 printers allow remote attackers to cause a denial of service via ICMP redirect storm. |
| CVE-2004-0177 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A | The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device. |
| CVE-2004-0739 | 1 Snapfiles | 1 Whisper Ftp Surfer | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long filename. |
| CVE-2004-0468 | 1 Juniper | 1 Junos | 2025-04-03 | 5.0 MEDIUM | N/A | Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets. |
| CVE-2005-1447 | 1 Sitepanel | 1 Sitepanel | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to execute arbitrary PHP code via the p parameter. |