Total: 29511 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-4572 | 1 Myezshop | 1 Myezshop Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) GroupsId and (2) ItemsId parameters in admin.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2002-0148 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. | |||||
CVE-2004-1853 | 1 Atari | 1 Terminator 3 War Of The Machines | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable. | |||||
CVE-2004-0055 | 1 Lbl | 1 Tcpdump | 2025-04-03 | 5.0 MEDIUM | N/A |
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value. | |||||
CVE-2001-0636 | 1 Raytheon | 1 Silentrunner | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates. | |||||
CVE-2001-1555 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY. | |||||
CVE-2006-3557 | 1 Mt Orumcek | 1 Mt Orumcek Toplist | 2025-04-03 | 5.0 MEDIUM | N/A |
MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | |||||
CVE-2004-2472 | 1 Agnitum | 1 Outpost Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, invalid packets, which cannot be processed quickly enough by Outpost Pro. | |||||
CVE-2006-1068 | 1 Netgear | 1 Netgear Router | 2025-04-03 | 4.9 MEDIUM | N/A |
Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. | |||||
CVE-2002-1377 | 1 Vim Development Group | 1 Vim | 2025-04-03 | 4.6 MEDIUM | N/A |
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. | |||||
CVE-2000-0460 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflow in KDE kdesud on Linux allows local users to gain privileges via a long DISPLAY environmental variable. | |||||
CVE-2006-1097 | 1 Datenbank Module | 1 Datenbank Module | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php. | |||||
CVE-1999-0180 | | | 2025-04-03 | 7.5 HIGH | N/A |
in.rshd allows users to login with a NULL username and execute commands. | |||||
CVE-2006-2573 | 1 Dian Gemilang | 1 Dgbook | 2025-04-03 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-1999-1132 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. | |||||
CVE-2005-3943 | 1 Faq System | 1 Faq System | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter in (b) index.php. | |||||
CVE-2005-1818 | 1 Newlife Blogger | 1 Newlife Blogger | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 allow remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
CVE-2004-2482 | 1 Microsoft | 1 Outlook | 2025-04-03 | 5.0 MEDIUM | N/A |
Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code. | |||||
CVE-2003-0181 | 1 Ibm | 1 Lotus Domino Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name. | |||||
CVE-2004-1180 | 3 Debian, Mandrakesoft, Sun | 5 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash). |