Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3675 | 1 Tcp | 1 Tcp | 2025-04-03 | 7.8 HIGH | N/A |
| The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by sending ACK messages for packets that have not yet been received (optimistic ACKs), which can cause the sender to increase its transmission rate until it fills available bandwidth. | |||||
| CVE-2000-0053 | 1 Microsoft | 1 Commercial Internet System | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request. | |||||
| CVE-2002-1639 | 1 Oracle | 1 Configurator | 2025-04-03 | 7.5 HIGH | N/A |
| Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host". | |||||
| CVE-1999-0085 | 3 Freebsd, Ibm, Netbsd | 3 Freebsd, Aix, Netbsd | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname. | |||||
| CVE-2000-0088 | 1 Microsoft | 4 Office, Office Converter Pack, Powerpoint and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability. | |||||
| CVE-2003-0273 | 1 Best Practical Solutions | 1 Request Tracker | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies. | |||||
| CVE-2005-0747 | 1 Applyyourself | 1 I-class | 2025-04-03 | 5.0 MEDIUM | N/A |
| ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp. | |||||
| CVE-2003-0268 | 1 Bvrp Software | 1 Slwebmail | 2025-04-03 | 5.0 MEDIUM | N/A |
| SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message. | |||||
| CVE-2005-3378 | 1 Norman | 1 Norman Virus Control | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2002-0282 | 1 Codeworx Technologies | 1 Dcp-portal | 2025-04-03 | 5.0 MEDIUM | N/A |
| DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message. | |||||
| CVE-2000-0632 | 1 Lsoft | 1 Listserv | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string. | |||||
| CVE-2006-2957 | 1 Skoom | 1 I.list | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2005-1801 | 1 Nokia | 1 9500 | 2025-04-03 | 2.6 LOW | N/A |
| The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it. | |||||
| CVE-2006-3487 | 1 Virtuastore | 1 Virtuastore | 2025-04-03 | 5.0 MEDIUM | N/A |
| VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb. | |||||
| CVE-2000-1133 | 1 Flicks Software | 1 Authentix | 2025-04-03 | 5.0 MEDIUM | N/A |
| Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . (dot) into the URL for a protected directory. | |||||
| CVE-2000-0382 | 1 Allaire | 1 Clustercats | 2025-04-03 | 2.6 LOW | N/A |
| ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site. | |||||
| CVE-2000-0108 | 1 Intelligent Vending Systems | 1 Intellivend | 2025-04-03 | 7.5 HIGH | N/A |
| The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
| CVE-2005-0363 | 1 Awstats | 1 Awstats | 2025-04-03 | 7.5 HIGH | N/A |
| awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. | |||||
| CVE-2004-1000 | 1 Debian | 1 Lintian | 2025-04-03 | 2.1 LOW | N/A |
| lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack. | |||||
| CVE-2004-2602 | 1 Ubertec | 1 Help Center Live | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php. | |||||