Total
29510 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2289 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
| Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file. | |||||
| CVE-2005-1917 | 1 Kpopper | 1 Kpopper | 2025-04-03 | 2.1 LOW | N/A |
| kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file. | |||||
| CVE-2006-1279 | 1 Sherzod Ruzmetov | 1 Cgi Session | 2025-04-03 | 5.0 MEDIUM | N/A |
| CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite. | |||||
| CVE-2004-0767 | 1 Ngsec | 1 Stackdefender | 2025-04-03 | 5.0 MEDIUM | N/A |
| NGSEC StackDefender 1.10 allows attackers to cause a denial of service (system crash) via an invalid address for the ObjectAttribues parameter to the hooks for the (1) ZwCreateFile or (2) ZwOpenFile functions. | |||||
| CVE-2004-2677 | 1 Qwikmail | 1 Qwikmail Smtp | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments. | |||||
| CVE-2001-0535 | 1 Macromedia | 1 Coldfusion Server | 2025-04-03 | 7.5 HIGH | N/A |
| Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. | |||||
| CVE-1999-0727 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. | |||||
| CVE-1999-1344 | 1 Auto Ftp | 1 Auto Ftp | 2025-04-03 | 7.5 HIGH | N/A |
| Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in plaintext in the auto_ftp.conf configuration file. | |||||
| CVE-2002-0302 | 1 Symantec | 1 Enterprise Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack. | |||||
| CVE-2004-1224 | 1 Mtr | 1 Mtr | 2025-04-03 | 4.6 MEDIUM | N/A |
| Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator. | |||||
| CVE-2006-4066 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.6 LOW | N/A |
| The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue. | |||||
| CVE-2005-0473 | 3 Mandrakesoft, Redhat, Rob Flynn | 5 Mandrake Linux, Mandrake Linux Corporate Server, Enterprise Linux and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208. | |||||
| CVE-2000-0037 | 1 Great Circle Associates | 1 Majordomo | 2025-04-03 | 4.6 MEDIUM | N/A |
| Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. | |||||
| CVE-2005-4480 | 1 Plexcor | 1 Plexcor Cms | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2003-1153 | 1 Bytehoard | 1 Bytehoard | 2025-04-03 | 5.0 MEDIUM | N/A |
| byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php. | |||||
| CVE-2005-4271 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code. | |||||
| CVE-2006-4650 | 1 Cisco | 1 Ios | 2025-04-03 | 2.6 LOW | N/A |
| Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. | |||||
| CVE-2000-0597 | 1 Microsoft | 2 Excel, Powerpoint | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability. | |||||
| CVE-2006-1852 | 1 Scriptsfrenzy | 1 Article Publisher Pro | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter. | |||||
| CVE-2004-1614 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme. | |||||