Total
29511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1632 | 1 Oracle | 1 Application Server | 2025-04-03 | 6.4 MEDIUM | N/A |
| Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2. | |||||
| CVE-2006-1806 | 1 Musicbox | 1 Musicbox | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action. | |||||
| CVE-2003-1288 | 1 Vserver | 1 Linux-vserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions. | |||||
| CVE-2000-0427 | 1 Aladdin Knowledge Systems | 1 Etoken | 2025-04-03 | 4.6 MEDIUM | N/A |
| The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM. | |||||
| CVE-2002-0655 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
| OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2006-4192 | 1 Modplug | 1 Tracker | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. | |||||
| CVE-2005-3897 | 1 Apple | 1 Safari | 2025-04-03 | 7.8 HIGH | N/A |
| Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. | |||||
| CVE-2002-1605 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows attackers to execute arbitrary code via a long _XKB_CHARSET environment variable to (1) dxpause, (2) dxconsole, or (3) dtsession. | |||||
| CVE-2005-1579 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker. | |||||
| CVE-1999-0975 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A |
| The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed. | |||||
| CVE-2006-0040 | 1 Gnome | 1 Evolution | 2025-04-03 | 5.0 MEDIUM | N/A |
| GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. | |||||
| CVE-2000-1076 | 2 Netscape, Sun | 2 Directory Server, Iplanet Certificate Management System | 2025-04-03 | 10.0 HIGH | N/A |
| Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server. | |||||
| CVE-1999-0534 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A |
| A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. | |||||
| CVE-2000-0151 | 1 Gnu | 1 Make | 2025-04-03 | 6.2 MEDIUM | N/A |
| GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. | |||||
| CVE-2002-1738 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 5.0 MEDIUM | N/A |
| Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email. | |||||
| CVE-2000-1203 | 1 Lotus | 1 Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
| Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop. | |||||
| CVE-2002-0199 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes. | |||||
| CVE-2006-4120 | 1 Drupal | 2 Drupal, Recipe Module | 2025-04-03 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-2809 | 1 Ar-blog | 1 Ar-blog | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333. | |||||
| CVE-2004-2485 | 1 Php Live | 1 Php Live | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major security problem," allows remote attackers to include arbitrary files and directories via unspecified attack vectors. | |||||