Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0229 | 2 Gentoo, Linux | 2 Linux, Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact.
|
|||||
| CVE-2004-0626 | 4 Conectiva, Gentoo, Linux and 1 more | 4 Linux, Linux, Linux Kernel and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type.
|
|||||
| CVE-2002-1935 | 1 Pingtel | 1 Xpressa | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) CSeq, and (3) "To" and "From" SIP URL values in a Session Identification Protocol (SIP) request, which allows remote attackers to avoid registering with the SIP registrar.
|
|||||
| CVE-2002-0413 | 1 Rebb | 1 Rebb | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.
|
|||||
| CVE-2001-1461 | 1 Rsa | 1 Securid | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences.
|
|||||
| CVE-2004-1307 | 10 Apple, Avaya, Conectiva and 7 more | 19 Mac Os X, Mac Os X Server, Call Management System Server and 16 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
|
|||||
| CVE-2006-4305 | 2 Mysql, Sap-db | 2 Maxdb, Sap-db | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.
|
|||||
| CVE-2006-4608 | 1 Longino | 1 Jacome Php-revista | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php.
|
|||||
| CVE-2001-1413 | 1 Ncompress | 1 Ncompress | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.
|
|||||
| CVE-2001-0927 | 1 Gnome | 1 Libgtop Daemon | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.
|
|||||
| CVE-2005-3443 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the Spatial component in Oracle Database Server from 9i up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB17.
|
|||||
| CVE-2002-0139 | 1 Pi-soft | 1 Spoonftp | 2025-04-03 | 7.5 HIGH | N/A |
|
Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.
|
|||||
| CVE-2006-3505 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
|
|||||
| CVE-2006-1869 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04.
|
|||||
| CVE-2005-2649 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.
|
|||||
| CVE-2005-4624 | 1 Ptnet | 1 Ptnet Ircd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a "charmed channel" such as PTnet, #PTnoticias and #*.log, which causes ircd to open the channel even though it does not have any valid users.
|
|||||
| CVE-2006-3898 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference.
|
|||||
| CVE-2006-0293 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.5 HIGH | N/A |
|
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects.
|
|||||
| CVE-2004-1369 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
|
|||||
| CVE-1999-1119 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.
|
|||||
| CVE-2003-1076 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.
|
|||||
| CVE-2004-0731 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.
|
|||||
| CVE-2003-0371 | 1 Prishtina Soft | 1 Prishtina Ftp | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner.
|
|||||
| CVE-2000-0284 | 1 University Of Washington | 1 Imap | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
|
|||||
| CVE-2000-0468 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.
|
|||||
| CVE-2003-0562 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string.
|
|||||
| CVE-2005-2105 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username.
|
|||||
| CVE-2002-0479 | 1 Gravity Storm Software | 1 Service Pack Manager 2000 | 2025-04-03 | 7.2 HIGH | N/A |
|
Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share.
|
|||||
| CVE-2006-4713 | 1 Psywerks | 1 Puma | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
|
|||||
| CVE-2001-0599 | 1 Sybase | 1 Adaptive Server Anywhere | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to port 2638.
|
|||||
| CVE-2004-0352 | 1 Cisco | 4 Content Services Switch 11000, Content Services Switch 11050, Content Services Switch 11150 and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.
|
|||||
| CVE-2002-0350 | 1 Hp | 1 Procurve Switch 4000m | 2025-04-03 | 7.8 HIGH | N/A |
|
HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service.
|
|||||
| CVE-2000-1049 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.
|
|||||
| CVE-2001-0821 | 1 Dcscripts | 1 Dcshop | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.
|
|||||
| CVE-2001-0636 | 1 Raytheon | 1 Silentrunner | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates.
|
|||||
| CVE-2004-0749 | 2 Gentoo, Subversion | 2 Linux, Subversion | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
|
|||||
| CVE-2006-4421 | 1 Yapig | 1 Yapig | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter.
|
|||||
| CVE-2000-0130 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in SCO scohelp program allows remote attackers to execute commands.
|
|||||
| CVE-2002-0088 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.
|
|||||
| CVE-2005-2010 | 1 Uapplication | 1 Ublog Reload | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter.
|
|||||