Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2298 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||
| CVE-2004-1209 | 1 Verisign | 1 Payflow Link | 2025-04-03 | 5.0 MEDIUM | N/A |
| Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase. | |||||
| CVE-2005-0160 | 1 E-merge | 1 Unace | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages. | |||||
| CVE-2004-1554 | 1 Alexphpteam | 1 Alex Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2000-0557 | 1 Computalynx | 1 Cmail | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request. | |||||
| CVE-2002-1953 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy. | |||||
| CVE-1999-1352 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
| mknod in Linux 2.2 follows symbolic links, which could allow local users to overwrite files or gain privileges. | |||||
| CVE-2006-0477 | 1 Git | 1 Git | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link. | |||||
| CVE-2000-1079 | 1 Microsoft | 4 Windows 2000, Windows 95, Windows 98 and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram. | |||||
| CVE-2002-0400 | 1 Isc | 1 Bind | 2025-04-03 | 5.0 MEDIUM | N/A |
| ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype. | |||||
| CVE-2005-1243 | 1 Safestone Technologies | 1 Axcessit | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-2090 | 1 Apache | 1 Tomcat | 2025-04-03 | 4.3 MEDIUM | N/A |
| Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
| CVE-2004-1493 | 1 Quicksilver | 1 Master Of Orion Iii | 2025-04-03 | 5.0 MEDIUM | N/A |
| Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (server crash) via multiple connections with long nicknames, possibly triggering a buffer overflow. | |||||
| CVE-2005-2934 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
| Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2005-0159 | 1 Debian | 2 Debian Linux, Toolchain-source | 2025-04-03 | 4.6 MEDIUM | N/A |
| The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2004-1629 | 1 Distinct Web Creations | 1 Dwc Articles | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements. | |||||
| CVE-2005-2377 | 1 Mandrakesoft | 2 Mandrake Linux, Mandrake Linux Corporate Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE. | |||||
| CVE-2006-3297 | 1 Uebimiau | 1 Uebimiau | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-0274 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters. | |||||
| CVE-2005-0687 | 1 Hashcash | 1 Hashcash | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in Hashcash 1.16 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via format string specifiers in a reply address, which is not properly handled when printing the header. | |||||