Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3598 | 1 Php-nuke | 1 Sections Module | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op. | |||||
| CVE-2003-0103 | 1 Nokia | 1 6210 Handset | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers. | |||||
| CVE-2004-2059 | 1 Xlinesoft | 1 Asprunner | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp. | |||||
| CVE-2005-3336 | 1 Mantis | 1 Mantis | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2006-1092 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
| Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed. | |||||
| CVE-2002-1447 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. | |||||
| CVE-2002-0528 | 1 Watchguard | 1 Soho Firewall | 2025-04-03 | 10.0 HIGH | N/A |
| Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules. | |||||
| CVE-2006-4909 | 1 Cisco | 1 Guard Ddos Mitigation Appliance | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh. | |||||
| CVE-2002-0800 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 5.0 MEDIUM | N/A |
| BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end. | |||||
| CVE-2006-1811 | 1 Flexbb | 1 Flexbb | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signature, and (13) Sub-Titles fields in the user profile; or (14) flexbb_password field in a cookie. | |||||
| CVE-2001-0592 | 1 Watchguard | 1 Firebox Ii | 2025-04-03 | 5.0 MEDIUM | N/A |
| Watchguard Firebox II prior to 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (>10,000) of malformed ICMP or TCP packets. | |||||
| CVE-2006-3649 | 1 Microsoft | 1 Visual Basic | 2025-04-03 | 5.1 MEDIUM | N/A |
| Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents. | |||||
| CVE-2006-4539 | 1 Cerberus | 1 Cerberus Helpdesk | 2025-04-03 | 7.5 HIGH | N/A |
| (1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2004-0451 | 2 Debian, Sup | 2 Debian Linux, Sup | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog. | |||||
| CVE-2004-1861 | 1 Netsupport | 1 Netsupport School | 2025-04-03 | 4.6 MEDIUM | N/A |
| Invision NetSupport School Pro uses a weak encryption algorithm to encrypt passwords, which allows local users to obtain passwords. | |||||
| CVE-1999-0662 | 2025-04-03 | 10.0 HIGH | N/A | ||
| A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete. | |||||
| CVE-2002-0987 | 1 Caldera | 2 Openunix, Unixware | 2025-04-03 | 7.2 HIGH | N/A |
| X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges. | |||||
| CVE-2004-0504 | 2 Ethereal Group, Sgi | 2 Ethereal, Propack | 2025-04-03 | 5.0 MEDIUM | N/A |
| Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients. | |||||
| CVE-2006-0843 | 1 Leif M. Wright | 1 Web Blog | 2025-04-03 | 5.0 MEDIUM | N/A |
| Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password. | |||||
| CVE-2004-1365 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2025-04-03 | 4.6 MEDIUM | N/A |
| Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user. | |||||