Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4185 | 1 Novell | 1 Edirectory | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan.
|
|||||
| CVE-2002-1219 | 3 Freebsd, Isc, Openbsd | 3 Freebsd, Bind, Openbsd | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
|
|||||
| CVE-2004-0483 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote attackers to cause a denial of service (infinite loop) via certain RPC requests.
|
|||||
| CVE-2005-0830 | 1 Xzabite | 1 Dyndnsupdate | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, including the ipcheck function in dyndnsupdate.c, allow remote attackers who spoof a dyndns.org server to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2006-2334 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
|
The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
|
|||||
| CVE-1999-0651 | 2025-04-03 | 7.5 HIGH | N/A | ||
|
The rsh/rlogin service is running.
|
|||||
| CVE-2005-1988 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
|
|||||
| CVE-2000-0567 | 1 Microsoft | 2 Outlook, Outlook Express | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
|
|||||
| CVE-2005-4748 | 1 Vwar | 1 Virtual War | 2025-04-03 | 6.8 MEDIUM | N/A |
|
PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors. NOTE: this issue has been referred to as XSS, but it is clear from the vendor description that it is a file inclusion problem.
|
|||||
| CVE-2006-1634 | 1 Lucidcms | 1 Lucidcms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the command parameter.
|
|||||
| CVE-2002-0608 | 1 Matu | 1 Matu Ftp | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner.
|
|||||
| CVE-2004-0085 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086.
|
|||||
| CVE-2004-0043 | 1 Yahoo | 1 Messenger | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.
|
|||||
| CVE-2002-0424 | 1 Efingerd | 1 Efingerd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.
|
|||||
| CVE-2006-2263 | 1 Virtual Programming | 1 Vp-asp | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2005-2455 | 1 Greasemonkey | 1 Greasemonkey | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.
|
|||||
| CVE-2003-0102 | 2 File, Netbsd | 2 File, Netbsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
|
|||||
| CVE-2006-0947 | 1 Thomson | 1 Speedtouch | 2025-04-03 | 7.5 HIGH | N/A |
|
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface.
|
|||||
| CVE-1999-0112 | 2 Cde, Ibm | 2 Cde, Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in AIX dtterm program for the CDE.
|
|||||
| CVE-2004-1547 | 1 Onnuri Infotek | 1 Activepost Standard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long filename, possibly triggering a buffer overflow.
|
|||||
| CVE-2005-1298 | 1 Inserter.cgi | 1 Inserter.cgi | 2025-04-03 | 7.5 HIGH | N/A |
|
The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
|
|||||
| CVE-2005-3156 | 1 Easyguppy | 1 Easyguppy | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 allows remote attackers to read arbitrary files via ".." sequences in the pg parameter, which is cleansed for XSS but not directory traversal.
|
|||||
| CVE-2000-1027 | 1 Cisco | 1 Pix Firewall Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established.
|
|||||
| CVE-2005-0509 | 2 Microsoft, Mono | 2 .net Framework, Mono | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
|
|||||
| CVE-2004-2662 | 1 Soft3304 | 1 04webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources.
|
|||||
| CVE-2006-1755 | 1 Matthew Dingley | 1 Md News | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2006-3323 | 1 Mastersfusion | 1 Mf Piadas | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or script.
|
|||||
| CVE-2004-0684 | 1 Ibm | 2 Websphere Caching Proxy Server, Websphere Edge Server Caching Proxy | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters.
|
|||||
| CVE-2006-1116 | 1 Ncipher | 1 Ncore | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.
|
|||||
| CVE-2004-1738 | 1 Jshop E-commerce | 1 Jshop Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter.
|
|||||
| CVE-2004-2676 | 1 Webroot Software | 1 Spy Sweeper Enterprise | 2025-04-03 | 7.2 HIGH | N/A |
|
The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.
|
|||||
| CVE-2005-1035 | 1 Pavuk | 1 Pavuk | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact.
|
|||||
| CVE-2004-0938 | 1 Freeradius | 1 Freeradius | 2025-04-03 | 5.0 MEDIUM | N/A |
|
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
|
|||||
| CVE-2005-0035 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method.
|
|||||
| CVE-2005-1070 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter.
|
|||||
| CVE-2004-1340 | 1 Debian | 1 Debian Linux | 2025-04-03 | 2.1 LOW | N/A |
|
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.
|
|||||
| CVE-2006-1019 | 1 Ukiweb | 1 Ukiboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the show_post function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, some of which reference a source URL that appears to be for an unrelated issue.
|
|||||
| CVE-2000-0834 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability.
|
|||||
| CVE-2006-0738 | 1 Estara | 1 Softphone | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address).
|
|||||
| CVE-2005-1808 | 1 Firefly Studios | 1 Stronghold 2 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large size value for the nickname, which causes a memory allocation failure and generates an exception.
|
|||||