Total
29801 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0429 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
| The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow. | |||||
| CVE-2003-0564 | 1 Hitachi | 2 Groupmax Mail - Security Option, Pki Runtime Library | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite. | |||||
| CVE-2006-3798 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 5.0 MEDIUM | N/A |
| DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the global namespace." | |||||
| CVE-2004-0514 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
| Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups." | |||||
| CVE-2005-0323 | 1 Captaris | 1 Infinite Mobile Delivery Webmail | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-2005-3941 | 1 Greywyvern | 1 Orca Blog | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. | |||||
| CVE-2006-0348 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4362 | 1 Komodo | 1 Komodo Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2005-1337 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
| Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scrpts with less restrictive privileges via a help:// URI. | |||||
| CVE-2006-1497 | 1 Vihor | 1 Vihordesign | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter. | |||||
| CVE-2005-4290 | 1 Soft4e | 1 Ecw-cart | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters. | |||||
| CVE-1999-0365 | 1 Metainfo | 2 Metaip, Sendmail | 2025-04-03 | 7.5 HIGH | N/A |
| The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry. | |||||
| CVE-2005-3868 | 1 Turn-k | 1 K-search | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request. | |||||
| CVE-2005-4479 | 1 Phpslash | 1 Phpslash | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the story_id parameter. | |||||
| CVE-2001-0491 | 1 Team Johnlong | 1 Raidenftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST. | |||||
| CVE-2005-4697 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
| The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll. | |||||
| CVE-2006-2609 | 1 Artmedic Webdesign | 1 Artmedic Newsletter | 2025-04-03 | 5.1 MEDIUM | N/A |
| artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2003-0715 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. | |||||
| CVE-2000-0084 | 1 Globalscape | 1 Cuteftp | 2025-04-03 | 5.0 MEDIUM | N/A |
| CuteFTP uses weak encryption to store password information in its tree.dat file. | |||||
| CVE-2006-4544 | 1 Exbb | 1 Exbb | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor. | |||||