Total: 29801 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1446 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A |
| Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked. | |||||
| CVE-2004-0707 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL. | |||||
| CVE-2006-1756 | 1 Matthew Dingley | 1 Md News | 2025-04-03 | 7.5 HIGH | N/A |
| MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area. | |||||
| CVE-2003-0138 | 1 Mit | 1 Kerberos | 2025-04-03 | 7.5 HIGH | N/A |
| Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. | |||||
| CVE-2005-1711 | 3 Clam Anti-virus, Gibraltar, Squid | 3 Clamav, Gibraltar Firewall, Squid | 2025-04-03 | 7.5 HIGH | N/A |
| Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. | |||||
| CVE-2006-2841 | 1 Associated | 1 Associated Cms | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php. | |||||
| CVE-2003-0705 | 1 Nicolas Boullis | 1 Mah-jong | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code. | |||||
| CVE-2004-1556 | 1 Mywebserver | 1 Mywebserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time. | |||||
| CVE-2005-4334 | 1 John Andersson | 1 Zixforum | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp. | |||||
| CVE-2002-1437 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences. | |||||
| CVE-2002-0983 | 1 Irssi | 1 Irssi | 2025-04-03 | 5.0 MEDIUM | N/A |
| IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow. | |||||
| CVE-2004-1082 | 8 Apache, Apple, Avaya and 5 more | 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more | 2025-04-03 | 7.5 HIGH | N/A |
| mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | |||||
| CVE-1999-1420 | 1 N-base | 5 Nh2012, Nh2012r, Nh2015 and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
| NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door password that cannot be disabled, which allows remote attackers to modify the switch's configuration. | |||||
| CVE-2001-0937 | 1 Matt Wright | 1 Pgpmail.pl | 2025-04-03 | 7.5 HIGH | N/A |
| PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters. | |||||
| CVE-2002-1647 | 1 Slashcode.com | 1 Slash | 2025-04-03 | 5.0 MEDIUM | N/A |
| The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL. | |||||
| CVE-2005-4593 | 1 Joshua Eichorn | 1 Phpdocumentor | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary code via a URL in the (1) FORUM[LIB] parameter in Documentation/tests/bug-559668.php and (2) the root_dir parameter in docbuilder/file_dialog.php. | |||||
| CVE-2006-4618 | 1 John Lim | 1 Adodb | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter. | |||||
| CVE-2005-0909 | 1 Tkais Shoutbox | 1 Tkais Shoutbox | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter. | |||||
| CVE-2001-1425 | 1 Alcatel | 1 Speed Touch Home | 2025-04-03 | 7.5 HIGH | N/A |
| The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login. | |||||
| CVE-2002-0076 | 3 Hp, Microsoft, Sun | 5 Java Jre-jdk, Virtual Machine, Jdk and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
| Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability. | |||||
