Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1438 | 2 Handspring, Palm | 2 Visor, Palm Os | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.
|
|||||
| CVE-2006-2081 | 1 Oracle | 1 Database Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not related to special characters, so this is not "SQL ...
Show More |
|||||
| CVE-2004-0740 | 1 Lexmark | 1 T522 Network Printer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow.
|
|||||
| CVE-2006-2610 | 1 Spiffyjr | 1 Phpraid | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter.
|
|||||
| CVE-2006-2474 | 1 Cosmoshop | 1 Cosmoshop | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and earlier allows remote attackers to execute arbitrary SQL commands via the artnum parameter.
|
|||||
| CVE-1999-0997 | 3 Millenux Gmbh, Redhat, University Of Washington | 3 Anonftp, Linux, Wu-ftpd | 2025-04-03 | 7.5 HIGH | N/A |
|
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
|
|||||
| CVE-1999-0293 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
AAA authentication on Cisco systems allows attackers to execute commands without authorization.
|
|||||
| CVE-2005-2979 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter.
|
|||||
| CVE-2006-3612 | 1 Phorum | 1 Phorum | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2005-3828 | 1 Activecampaign | 1 Knowledgebuilder | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter.
|
|||||
| CVE-2005-2891 | 1 Csystems | 1 Webarchivex | 2025-04-03 | 6.4 MEDIUM | N/A |
|
WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods.
|
|||||
| CVE-2005-2228 | 1 Bdc Enterprises | 1 Web Wiz Forums | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum.
|
|||||
| CVE-2001-0429 | 1 Cisco | 1 Catos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.
|
|||||
| CVE-2002-1018 | 1 Adobe | 1 Adobe Content Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking out the same book multiple times.
|
|||||
| CVE-2004-0208 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
|
|||||
| CVE-2004-1187 | 3 Mandrakesoft, Mplayer, Xine | 4 Mandrake Linux, Mplayer, Xine and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
|
|||||
| CVE-2005-3137 | 1 Gnu | 1 Cfengine | 2025-04-03 | 2.1 LOW | N/A |
|
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.
|
|||||
| CVE-2001-0071 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 2.1 LOW | N/A |
|
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
|
|||||
| CVE-2006-4314 | 1 Symantec | 1 Enterprise Security Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service (hang) via a malformed ESM agent request.
|
|||||
| CVE-2004-0052 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard separator characters, or use standard separators incorrectly, within MIME headers, fields, parameters, or values, which may be interpreted differently by mail clients.
|
|||||
| CVE-2006-2592 | 1 Dschat | 1 Dschat | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2001-1327 | 1 Berkeley Softworks | 1 Pmake | 2025-04-03 | 4.6 MEDIUM | N/A |
|
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.
|
|||||
| CVE-2002-0570 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.
|
|||||
| CVE-2001-1328 | 1 Sun | 1 Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2000-0158 | 1 Sco | 1 Openserver | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon.
|
|||||
| CVE-2005-0347 | 1 Realnetworks | 1 Realarcade | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in RealArcade 1.2.0.994 and earlier allows remote attackers to execute arbitrary code via an RGS file with an invalid size string for the GUID and game name, which leads to a buffer overflow.
|
|||||
| CVE-2005-2600 | 1 Ilia Alshanetsky | 1 Fudforum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.
|
|||||
| CVE-2004-2280 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN.
|
|||||
| CVE-2001-0068 | 1 Apple | 1 Mac Os Runtime For Java | 2025-04-03 | 2.6 LOW | N/A |
|
Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter.
|
|||||
| CVE-2006-0012 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
|
|||||
| CVE-1999-0805 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests.
|
|||||
| CVE-2004-0670 | 1 Zyxel | 1 Prestige | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password.
|
|||||
| CVE-2002-1562 | 1 Acme Labs | 1 Thttpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.
|
|||||
| CVE-2003-1083 | 1 Tildeslash | 1 Monit | 2025-04-03 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.
|
|||||
| CVE-1999-1173 | 1 Corel | 1 Wordperfect | 2025-04-03 | 2.1 LOW | N/A |
|
Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack.
|
|||||
| CVE-2004-2643 | 1 Microsoft | 1 Cabarc | 2025-04-03 | 3.7 LOW | N/A |
|
Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive.
|
|||||
| CVE-2005-0693 | 1 Jowood Productions | 1 Chaser | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in JoWood Chaser 1.50 and earlier allows remote attackers to cause a denial of service (client or server crash) and execute arbitrary code via a long nickname.
|
|||||
| CVE-2006-4607 | 1 Longino | 1 Jacome Php-revista | 2025-04-03 | 7.5 HIGH | N/A |
|
admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1.
|
|||||
| CVE-2005-0343 | 1 Logicnow | 1 Perldesk | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in PerlDesk 1.x allows remote attackers to inject arbitrary SQL commands via the view parameter.
|
|||||
| CVE-2002-0998 | 1 Care 2002 | 1 Care 2002 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by a call to the include function.
|
|||||