Total
29551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1503 | 1 Afd | 1 Afd | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc. | |||||
| CVE-2002-1001 | 1 Analogx | 1 Proxy | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname. | |||||
| CVE-2006-1283 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A |
| opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd. | |||||
| CVE-2002-1382 | 1 Macromedia | 1 Flash Player | 2025-04-03 | 7.5 HIGH | N/A |
| Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846. | |||||
| CVE-1999-0515 | 2025-04-03 | 10.0 HIGH | N/A | ||
| An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. | |||||
| CVE-2003-1009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 10.0 HIGH | N/A |
| Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges. | |||||
| CVE-2004-2000 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php. | |||||
| CVE-2000-1202 | 1 Ibm | 1 Http Server Ssl Module Common | 2025-04-03 | 7.2 HIGH | N/A |
| ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class. | |||||
| CVE-2006-2403 | 1 Filezilla | 1 Filezilla | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors. | |||||
| CVE-2001-1244 | 7 Freebsd, Hp, Linux and 4 more | 9 Freebsd, Hp-ux, Vvos and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process. | |||||
| CVE-2002-0229 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
| Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements. | |||||
| CVE-2006-0924 | 1 Brown Bear Software | 1 Ical | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2684 | 1 Hotwebscripts | 1 Cms Mundo | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. | |||||
| CVE-2006-4106 | 1 Blursoft | 1 Blur6ex | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title. | |||||
| CVE-2004-1687 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter. | |||||
| CVE-2006-3111 | 1 Chipmailer | 1 Chipmailer | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr. | |||||
| CVE-2001-0065 | 1 Max-wilhelm Bruker | 1 Bftpd | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command. | |||||
| CVE-1999-1458 | 1 Digital | 1 Unix | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in at program in Digital UNIX 4.0 allows local users to gain root privileges via a long command line argument. | |||||
| CVE-1999-0624 | 2025-04-03 | N/A | N/A | ||
| The rstat/rstatd service is running. | |||||
| CVE-2006-1365 | 1 Motorola | 3 E398, Pebl U6, V600 | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the target device, by initiating and interrupting an OBEX Push Profile that pretends to send a vCard, aka a "HeloMoto" attack. | |||||