Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0758 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. | |||||
| CVE-2005-4050 | 1 Multi-tech Systems | 1 Multivoip | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with firmware before x.08 allows remote attackers to execute arbitrary code via a long INVITE field in a Session Initiation Protocol (SIP) packet. | |||||
| CVE-2006-2813 | 1 Ishopcart | 1 Ishopcart | 2025-04-03 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a .. (dot dot) in the query string. | |||||
| CVE-2004-0675 | 1 Mcmurtrey Whitaker And Associates | 1 Cart32 | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command. | |||||
| CVE-2004-2186 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance. | |||||
| CVE-2001-0495 | 1 Datawizard | 1 Webxq | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack. | |||||
| CVE-2006-4888 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. | |||||
| CVE-2002-0805 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 4.6 MEDIUM | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | |||||
| CVE-2004-0633 | 4 Ethereal Group, Gentoo, Mandrakesoft and 1 more | 5 Ethereal, Linux, Mandrake Linux and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow. | |||||
| CVE-2005-2441 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php. | |||||
| CVE-2004-2454 | 1 Amsn | 1 Amsn | 2025-04-03 | 2.1 LOW | N/A |
| aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml. | |||||
| CVE-2006-3392 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2025-04-03 | 5.0 MEDIUM | N/A |
| Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274. | |||||
| CVE-2005-0666 | 1 The Pax Team | 1 Pax Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and execute arbitrary code. | |||||
| CVE-2006-0920 | 1 Oi | 1 Email Marketing System | 2025-04-03 | 1.7 LOW | N/A |
| Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP password in cleartext on a Configuration web page, which allows local users with superadministrator privileges, or attackers who have obtained access to the web page, to view the password. | |||||
| CVE-2002-1134 | 1 Hp | 1 Webes Service Tools | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files. | |||||
| CVE-2006-0128 | 1 Rockliffe | 1 Mailsite | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors. | |||||
| CVE-2003-0977 | 2 Cvs, Slackware | 2 Cvs, Slackware Linux | 2025-04-03 | 7.5 HIGH | N/A |
| CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests. | |||||
| CVE-2004-0631 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command. | |||||
| CVE-2006-2027 | 1 Pablo Software Solutions | 1 Quick N Easy Ftp Server | 2025-04-03 | 6.5 MEDIUM | N/A |
| Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when an admin selects the Logging section in the FTP server main window. NOTE: the original researcher claims that the vendor disputes this issue. | |||||
| CVE-2001-0348 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace. | |||||