Total
29514 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0713 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges. | |||||
| CVE-2000-0601 | 1 Leafdigital | 1 Leafchat | 2025-04-03 | 5.0 MEDIUM | N/A |
| LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages. | |||||
| CVE-2006-3282 | 1 Datetopia | 1 Dating Agent Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
| requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | |||||
| CVE-2002-0135 | 1 Netopia | 1 Timbuktu Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a series of connections to one of the ports (1417 - 1420). | |||||
| CVE-1999-0048 | 3 Debian, Ibm, Nec | 5 Netkit, Aix, Asl Ux 4800 and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
| Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. | |||||
| CVE-2005-1149 | 1 Acnews | 1 Acnews | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | |||||
| CVE-2002-0624 | 1 Microsoft | 2 Msde, Sql Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure." | |||||
| CVE-2006-2031 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-1999-0351 | 1 Ftp | 1 Ftp Pasv | 2025-04-03 | 6.4 MEDIUM | N/A |
| FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client. | |||||
| CVE-2005-0686 | 1 Mlterm | 1 Mlterm | 2025-04-03 | 7.5 HIGH | N/A |
| Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background. | |||||
| CVE-2006-0835 | 1 Mitridat | 1 Web Calendar Pro | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter. | |||||
| CVE-2006-0695 | 1 Ansilove | 1 Ansilove | 2025-04-03 | 7.5 HIGH | N/A |
| Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory. | |||||
| CVE-2005-2898 | 1 Filezilla | 1 Filezilla | 2025-04-03 | 4.6 MEDIUM | N/A |
| NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently. | |||||
| CVE-2006-1511 | 1 Microsoft | 1 .net Framework | 2025-04-03 | 5.1 MEDIUM | N/A |
| Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name. | |||||
| CVE-2001-1402 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi. | |||||
| CVE-2005-4243 | 1 Quickpaypro | 1 Quickpaypro | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php. | |||||
| CVE-2001-1571 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing. | |||||
| CVE-2003-1278 | 1 Infopop | 1 Opentopic | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags. | |||||
| CVE-2006-4046 | 1 Open Cubic Player | 1 Open Cubic Player | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function. | |||||
| CVE-2000-1102 | 1 Ptlink | 2 Ptlink Irc Services, Ptlink Ircd | 2025-04-03 | 5.0 MEDIUM | N/A |
| PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (server crash) via "mode +owgscfxeb" and "oper" commands. | |||||