Total: 29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0162 | 1 Microsoft | 3 Ie, Internet Explorer, Visual Studio | 2025-04-03 | 5.1 MEDIUM | N/A |
| The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. | |||||
| CVE-2005-1776 | 1 Cnedra | 1 Cnedra | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the READ_TCP_STRING function in game_message_functions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers to execute arbitrary code via a long text string. | |||||
| CVE-2005-4189 | 1 Horde | 1 Kronolith H3 | 2025-04-03 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors. | |||||
| CVE-2005-1130 | 1 Desert Dog Software | 1 Pinnacle Cart | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter. | |||||
| CVE-2004-1316 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. | |||||
| CVE-2006-1342 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory. | |||||
| CVE-2001-1363 | 1 Phpwebsite Development Team | 1 Phpwebsite | 2025-04-03 | 10.0 HIGH | N/A |
| Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges. | |||||
| CVE-2001-1474 | 1 Ssh | 1 Ssh | 2025-04-03 | 5.0 MEDIUM | N/A |
| SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache. | |||||
| CVE-2003-0552 | 1 Redhat | 1 Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. | |||||
| CVE-2005-0830 | 1 Xzabite | 1 Dyndnsupdate | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, including the ipcheck function in dyndnsupdate.c, allow remote attackers who spoof a dyndns.org server to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-2221 | 1 Incredible Interactive | 1 Dragonfly Commerce | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dragonfly Commerce allow remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dc_Productsview.asp, (5) start, (6) key_mp, (7) searchtype, or (8) psearch parameters to dc_forum_Postslist.asp. NOTE: the vendor has disputed this issue, saying that the error messages arise from invalid category and product numbers. Assuming that this is the case, the issue still satisfies the CVE definition of "exposure." | |||||
| CVE-2006-1063 | 1 Lurker | 1 Lurker | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox". | |||||
| CVE-2002-1965 | 1 Imatix | 1 Xitami | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request. | |||||
| CVE-2006-4360 | 1 Drupal | 1 Drupal E-commerce Module | 2025-04-03 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2004-1227 | 1 Sugarcrm | 1 Sugar Sales | 2025-04-03 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts. | |||||
| CVE-2005-1131 | 1 Symantec Veritas | 1 I3 Focalpoint Server | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact. | |||||
| CVE-2006-4605 | 1 Longino | 1 Jacome Php-revista | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter. | |||||
| CVE-2000-0517 | 1 Netscape | 1 Communicator | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information. | |||||
| CVE-2001-1030 | 6 Caldera, Immunix, Mandrakesoft and 3 more | 8 Openlinux Server, Immunix, Mandrake Linux and 5 more | 2025-04-03 | 7.5 HIGH | N/A |
| Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. | |||||
| CVE-2001-0825 | 1 Xinetd | 1 Xinetd | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check. | |||||
