Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0504 | 2 Ethereal Group, Sgi | 2 Ethereal, Propack | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
|
|||||
| CVE-2006-1648 | 1 Smart Technologies | 1 Synchroneyes | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service (memory consumption) via a certain packet to the Teacher discovery port that causes SynchronEyes to connect to the attacker's machine and read a value that is used as a parameter to malloc.
|
|||||
| CVE-2003-0057 | 1 Hypermail | 1 Hypermail | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname.
|
|||||
| CVE-1999-1246 | 1 Microsoft | 1 Site Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.
|
|||||
| CVE-2002-1631 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.
|
|||||
| CVE-2004-2239 | 1 Inter7 | 1 Vpopmail \(vchkpw\) | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code.
|
|||||
| CVE-2005-1067 | 1 Access User Class | 1 Access User Class | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new".
|
|||||
| CVE-2004-0408 | 1 Michael Bacarella | 1 Ident2 | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the child_service function in the ident2 ident daemon allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2005-4031 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 7.5 HIGH | N/A |
|
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.
|
|||||
| CVE-2005-2027 | 1 Enterasys | 1 Vertical Horizon-2402s | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry.
|
|||||
| CVE-2001-0676 | 1 Ritlabs | 1 The Bat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment.
|
|||||
| CVE-2002-0227 | 2 Kde, Kicq | 2 Kde, Kicq | 2025-04-03 | 5.0 MEDIUM | N/A |
|
KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.
|
|||||
| CVE-1999-1453 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
|
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
|
|||||
| CVE-2005-1846 | 1 Yamt | 1 Yamt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options.
|
|||||
| CVE-2000-0137 | 1 Cartit | 1 Cartit | 2025-04-03 | 7.5 HIGH | N/A |
|
The CartIt shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
|
|||||
| CVE-2004-0054 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
|
|||||
| CVE-2006-2255 | 1 Creative Software | 1 Community Portal | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.
|
|||||
| CVE-2004-0282 | 1 Crob | 1 Crob Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of service (crash) by repeatedly connecting to and disconnecting from the server.
|
|||||
| CVE-2004-0459 | 1 Ieee | 1 802.11 Wireless Protocol | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wireless protocol, when using DSSS transmission encoding, allows remote attackers to cause a denial of service via a certain RF signal that causes a channel to appear busy (aka "jabber"), which prevents devices from transmitting data.
|
|||||
| CVE-1999-1461 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH environmental variable to find and execute the ttsession program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse ttsession program.
|
|||||
| CVE-2004-2445 | 1 Jaws | 1 Jaws | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter.
|
|||||
| CVE-2004-2178 | 1 Devoybb | 1 Devoybb Web Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2006-1033 | 1 Cpg-nuke | 1 Dragonfly Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Li ...
Show More |
|||||
| CVE-2002-0604 | 1 Snapgear | 1 Snapgear Lite\+ Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP options.
|
|||||
| CVE-2006-4941 | 1 Moodle | 1 Moodle | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.
|
|||||
| CVE-1999-0885 | 1 Computer Software Manufaktur | 1 Alibaba | 2025-04-03 | 3.6 LOW | N/A |
|
Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.
|
|||||
| CVE-2000-0198 | 1 Atrium Software | 3 Mercur Imap4 Server, Mercur Mailserver, Mercur Pop3 Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in POP3 and IMAP servers in the MERCUR mail server suite allows remote attackers to cause a denial of service.
|
|||||
| CVE-2005-4739 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 6.8 MEDIUM | N/A |
|
IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action.
|
|||||
| CVE-2000-0055 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
|
|||||
| CVE-1999-1257 | 1 Xyplex | 1 Maxserver Xyplex Terminal Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering (1) a CTRL-Z character, or (2) a ? (question mark).
|
|||||
| CVE-2005-3929 | 1 Xaraya | 1 Xaraya | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.
|
|||||
| CVE-2004-0573 | 1 Microsoft | 5 Frontpage, Office, Publisher and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
|
|||||
| CVE-2006-3788 | 1 Ufo2000 | 1 Ufo2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data.
|
|||||
| CVE-2005-0948 | 1 Iatek | 1 Portalapp | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter.
|
|||||
| CVE-2002-0452 | 1 Foundrynet | 1 Serveriron | 2025-04-03 | 7.5 HIGH | N/A |
|
Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible.
|
|||||
| CVE-1999-0964 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.
|
|||||
| CVE-2005-1883 | 1 Yapig | 1 Yapig | 2025-04-03 | 5.0 MEDIUM | N/A |
|
global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter.
|
|||||
| CVE-2005-4815 | 1 Sap | 1 Sap R 3 | 2025-04-03 | 7.5 HIGH | N/A |
|
SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before 31I patch 735 do not properly restrict process execution by lnaxdm/sapsys, which allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file, aka the "FX SAP R/3 gwrd vuln."
|
|||||
| CVE-2006-1560 | 1 Skintech | 1 Phpnewsmanager | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) browse.php, (b) category.php, (c) gallery.php, (d) poll.php, and (e) possibly other unspecified scripts. NOTE: portions of the description details are obtained from third party information.
|
|||||
| CVE-2006-3292 | 1 Jaws | 1 Jaws | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
|
|||||