Total
29538 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3393 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option. | |||||
| CVE-2001-1148 | 1 Sco | 1 Openserver | 2025-04-03 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh. | |||||
| CVE-2005-3061 | 1 Powerarchiver | 4 Powerarchiver 2002, Powerarchiver 2003, Powerarchiver 2004 and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive. | |||||
| CVE-2006-1487 | 1 Activecampaign | 1 Supporttrio | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio 2.50.2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the KnowledgeBase search module. | |||||
| CVE-2005-3188 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.6 HIGH | N/A |
| Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. | |||||
| CVE-2006-4873 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
| Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679. | |||||
| CVE-2006-3850 | 1 Lussumo | 1 Vanilla | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected | |||||
| CVE-2002-0258 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | 7.5 HIGH | N/A |
| Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs. | |||||
| CVE-1999-1464 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
| Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564. | |||||
| CVE-2001-0465 | 1 Intuit | 1 Turbo Tax | 2025-04-03 | 4.6 MEDIUM | N/A |
| TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information. | |||||
| CVE-2005-0380 | 1 Zeroboard | 1 Zeroboard | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-1999-0762 | 1 Netscape | 2 Communicator, Navigator | 2025-04-03 | 2.6 LOW | N/A |
| When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information. | |||||
| CVE-2000-1040 | 1 Suse | 1 Suse Linux | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service. | |||||
| CVE-2002-0333 | 1 Xtell | 1 Xtell | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument. | |||||
| CVE-2005-2545 | 1 Phpopenchat | 1 Phpopenchat | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content parameter to profile.php and profile_misc.php, (3) the profile fields in userpage.php, (4) subject or (5) body in mail.php, or (8) disinvited_chatter or (7) invited_chatter parameter to invite.php. | |||||
| CVE-2005-0307 | 1 Mercuryboard | 1 Mercuryboard | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters. | |||||
| CVE-2004-2580 | 1 Novell | 1 Ichain | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors. | |||||
| CVE-2005-3901 | 1 Macromedia | 1 Flash Communication Server | 2025-04-03 | 7.8 HIGH | N/A |
| Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | |||||
| CVE-2006-4773 | 1 Sun | 1 Storedge 6130 Arrays | 2025-04-03 | 5.0 MEDIUM | N/A |
| Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN. | |||||
| CVE-2002-0338 | 1 Ritlabs | 1 The Bat | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service (crash) via an attachment whose name includes an MS-DOS device name. | |||||