Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3228 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 9.3 HIGH | N/A |
| Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. |
| CVE-2001-0205 | 1 Aol | 1 Aol Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack. |
| CVE-2002-1377 | 1 Vim Development Group | 1 Vim | 2025-04-03 | 4.6 MEDIUM | N/A |
| vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. |
| CVE-2005-1351 | 1 Leif M. Wright | 1 Ad.cgi | 2025-04-03 | 7.5 HIGH | N/A |
| The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. |
| CVE-2005-4411 | 1 David Harris | 1 Mercury Mail Transport System | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105. |
| CVE-2000-0218 | 2 Caldera, Suse | 2 Openlinux, Suse Linux | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname. |
| CVE-2006-1693 | 1 Globalscape | 1 Secure Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument. |
| CVE-2002-1115 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php. |
| CVE-2002-2110 | 1 Rca | 1 Digital Cable Modem | 2025-04-03 | 5.0 MEDIUM | N/A |
| The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers to cause a denial of service (modem device reset) by connecting to port 80 on the 10.0.0.0/8 device. |
| CVE-2005-4682 | 1 Audienceview | 1 Audienceview | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error.asp in AudienceView allows remote attackers to inject arbitrary web script or HTML via the TSerrorMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2002-1433 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| Kerio MailServer 5.0 allows remote attackers to cause a denial of service (hang) via SYN packets to the supported network services. |
| CVE-2005-3366 | 1 Php Icalendar | 1 Php Icalendar | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher. |
| CVE-1999-0092 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
| Various vulnerabilities in the AIX portmir command allows local users to obtain root access. |
| CVE-2006-3340 | 1 Pearlinger | 1 Pearl For Mambo | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned ... |
| CVE-2001-0838 | 1 Network Solutions | 1 Rwhoisd | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command. |
| CVE-2005-1469 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 allows remote attackers to cause the dissector to access an invalid pointer. |
| CVE-2006-4602 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2025-04-03 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory. |
| CVE-2002-1557 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. |
| CVE-2001-0440 | 3 Conectiva, Licq, Mandrakesoft | 3 Linux, Licq, Mandrake Linux | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. |
| CVE-2001-0189 | 1 Intranet-server | 1 Localweb2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request. |
| CVE-2005-4813 | 1 Businessobjects | 4 Crystal Enterprise Xi, Crystal Reports Server Xi, Crystal Reports Xi and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections. |
| CVE-2005-3342 | 1 Norman Ramsey | 1 Noweb | 2025-04-03 | 1.2 LOW | N/A |
| noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm. |
| CVE-2005-3892 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
| Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone. |
| CVE-2004-1841 | 1 Ms Analysis | 1 Website Traffic Analyzer | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request. |
| CVE-2002-0738 | 1 Mhonarc | 1 Mhonarc | 2025-04-03 | 7.5 HIGH | N/A |
| MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax. |
| CVE-2004-0379 | 1 Microsoft | 1 Sharepoint Portal Server | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts. |
| CVE-2006-2360 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2004-1705 | 1 Citadel | 1 Ux | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username. |
| CVE-2002-0955 | 1 Yabb | 1 Yabb | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message. |
| CVE-2006-3818 | 1 Novell | 1 Groupwise Webaccess | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter. |
| CVE-2005-2452 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 5.0 MEDIUM | N/A |
| libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804. |
| CVE-1999-0978 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.5 HIGH | N/A |
| htdig allows remote attackers to execute commands via filenames with shell metacharacters. |
| CVE-1999-0195 | 2 Linux, Sgi | 2 Linux Kernel, Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
| Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1. |
| CVE-2002-2192 | 1 Perception | 1 Liteserve | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a "dir" request to indexed folders. |
| CVE-2006-0796 | 1 Clever Copy | 1 Clever Copy | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatemessages.php). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2005-0201 | 1 D-bus | 1 D-bus | 2025-04-03 | 2.1 LOW | N/A |
| D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket. |
| CVE-2006-4242 | 1 Joomla | 1 Jim Instant Messaging Component | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| CVE-2004-1969 | 1 Openbb | 1 Openbb | 2025-04-03 | 7.5 HIGH | N/A |
| The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript. |
| CVE-2005-4637 | 1 Kayako | 1 Supportsuite | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module. |
| CVE-2004-1121 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags. |