Total
29551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0909 | 1 Mozilla | 2 Mozilla, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A |
| Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages. | |||||
| CVE-2001-1276 | 1 Itcorp | 1 Ispell | 2025-04-03 | 1.2 LOW | N/A |
| ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file. | |||||
| CVE-2000-0678 | 1 Pgp | 1 Pgp | 2025-04-03 | 5.0 MEDIUM | N/A |
| PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate. | |||||
| CVE-2005-1867 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | 7.5 HIGH | N/A |
| Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges. | |||||
| CVE-2004-1244 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A |
| Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability." | |||||
| CVE-1999-0752 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. | |||||
| CVE-2005-4745 | 1 Freeradius | 1 Freeradius | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2005-3202 | 1 Oracle | 1 Html Db | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters. | |||||
| CVE-2004-1325 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 5.0 MEDIUM | N/A |
| The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system. | |||||
| CVE-1999-0305 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections. | |||||
| CVE-2005-3850 | 1 Onlinetechtools.com | 1 Okbsys Lite | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter. | |||||
| CVE-2005-4234 | 1 Powerdev | 1 Encapsgallery | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1581 | 1 Blanknberg | 1 Blanknberg | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the _path parameter. | |||||
| CVE-2005-4039 | 1 Web4future | 1 Portal Solutions | 2025-04-03 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter. | |||||
| CVE-2003-0505 | 1 Microsoft | 1 Netmeeting | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request. | |||||
| CVE-2004-0587 | 3 Mandrakesoft, Redhat, Suse | 4 Mandrake Linux, Mandrake Linux Corporate Server, Fedora Core and 1 more | 2025-04-03 | 2.1 LOW | N/A |
| Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service. | |||||
| CVE-2005-2372 | 1 Oracle | 1 Forms | 2025-04-03 | 7.2 HIGH | N/A |
| Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet. | |||||
| CVE-2002-0357 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges. | |||||
| CVE-2001-0552 | 2 Hp, Ibm | 2 Openview Network Node Manager, Tivoli Netview | 2025-04-03 | 10.0 HIGH | N/A |
| ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message. | |||||
| CVE-2006-1431 | 1 Fusionzone | 1 Couponzone | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE couponZONE 4.2 allows remote attackers to inject arbitrary web script or HTML via URL-encoded (1) srchfor and (2) srchby parameters. | |||||