Total
29484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2046 | 1 Xqus | 1 X-news | 2025-04-03 | 7.5 HIGH | N/A |
| x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie. | |||||
| CVE-2001-0553 | 1 Ssh | 1 Secure Shell | 2025-04-03 | 7.2 HIGH | N/A |
| SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field. | |||||
| CVE-2006-3264 | 1 Namo | 1 Deepsearch | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | |||||
| CVE-2003-0081 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers. | |||||
| CVE-2005-3961 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 5.0 MEDIUM | N/A |
| export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. | |||||
| CVE-2000-0961 | 1 Netscape | 2 Messaging Server, Netscape Messaging Server Multiplexor | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. | |||||
| CVE-2000-0156 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
| Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. | |||||
| CVE-2002-2009 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message. | |||||
| CVE-1999-0514 | 2025-04-03 | 5.0 MEDIUM | N/A | ||
| UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. | |||||
| CVE-2003-1281 | 1 Eekim | 1 Cgihtml | 2025-04-03 | 2.1 LOW | N/A |
| cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files. | |||||
| CVE-2000-0874 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 5.0 MEDIUM | N/A |
| Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF). | |||||
| CVE-2004-1562 | 1 W-agora | 1 W-agora | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2005-2008 | 1 Yaws | 1 Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null). | |||||
| CVE-1999-0269 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netscape Enterprise servers may list files through the PageServices query. | |||||
| CVE-2002-0363 | 1 Aladdin Enterprises | 1 Ghostscript | 2025-04-03 | 7.5 HIGH | N/A |
| ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. | |||||
| CVE-2004-2477 | 1 Diamondcs | 1 Process Guard Free | 2025-04-03 | 2.1 LOW | N/A |
| DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe. | |||||
| CVE-2004-1298 | 1 Michael Kohn | 1 Vb2c | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows remote attackers to execute arbitrary code via a crafted FRM file. | |||||
| CVE-2004-1765 | 1 Mod Security | 1 Mod Security | 2025-04-03 | 7.5 HIGH | N/A |
| Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests. | |||||
| CVE-2001-1007 | 1 Starfish | 1 Truesync Desktop | 2025-04-03 | 5.0 MEDIUM | N/A |
| Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack. | |||||
| CVE-2006-4991 | 1 Rsa | 1 Keon Certificate Authority Manager | 2025-04-03 | 3.6 LOW | N/A |
| RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by modifying CA auditor logs without detection by (1) modifying or deleting a <LOG BLOCK> and its signature from the XML log in a way that is not detected by the integrity check function that operates on the entire pool, or (2) modifying entries in the live log file, which is only signed during rotation. | |||||