Total: 29835 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0029 | 1 Igor Khasilev | 1 Oops Proxy Server | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other versions) allows remote attackers to execute arbitrary commands via a long host or domain name that is obtained from a reverse DNS lookup. | |||||
| CVE-2004-2568 | 1 Recipants | 1 Recipants | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields. | |||||
| CVE-2005-1208 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows 98 and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer. | |||||
| CVE-2004-0435 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 3.6 LOW | N/A |
| Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk. | |||||
| CVE-1999-0010 | 8 Data General, Ibm, Isc and 5 more | 11 Dg Ux, Aix, Bind and 8 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. | |||||
| CVE-2003-0536 | 1 Phpsysinfo | 1 Phpsysinfo | 2025-04-03 | 3.6 LOW | N/A |
| Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters. | |||||
| CVE-1999-0507 | | | 2025-04-03 | 7.5 HIGH | N/A |
| An account on a router, firewall, or other network device has a guessable password. | |||||
| CVE-2003-0949 | 1 Michael Bischoff | 1 Xsok | 2025-04-03 | 4.6 MEDIUM | N/A |
| xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands. | |||||
| CVE-2005-3667 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. In addition, since "denial of service" is an impact and not a vulnerability, it is unknown which underlying vulnerabilities are actually covered by this particular candidate. | |||||
| CVE-2005-0458 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter. | |||||
| CVE-2005-0479 | 1 Trackercam | 1 Trackercam | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam 5.12 and earlier allows remote attackers to read arbitrary files via ".." sequences and (1) "/" (slash), (2) "\" (backslash), or (3) hex-encoded characters in the fn parameter. | |||||
| CVE-2005-1954 | 1 Singapore | 1 Singapore | 2025-04-03 | 5.0 MEDIUM | N/A |
| singapore 0.9.11 allows remote attackers to obtain sensitive information via a direct request to (1) admin.class.php, (2) any .tpl.php file in templates/admin_default/, or (3) any .tpl.php file in templates/default/, which reveal the path in an error message. | |||||
| CVE-2002-1846 | 1 Yabb | 1 Yabb | 2025-04-03 | 5.0 MEDIUM | N/A |
| Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php. | |||||
| CVE-2002-1824 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during an SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. | |||||
| CVE-2004-1062 | 1 Viewcvs | 1 Viewcvs | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages. | |||||
| CVE-2004-0456 | 3 Debian, Gentoo, Pavuk | 3 Debian Linux, Linux, Pavuk | 2025-04-03 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header. | |||||
| CVE-2002-0532 | 1 Emumail | 3 Emumail, Emumail Red Hat Linux, Emumail Unix | 2025-04-03 | 7.2 HIGH | N/A |
| EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters. | |||||
| CVE-2006-2097 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). | |||||
| CVE-2005-1414 | 1 Exoticsoft | 1 Filepocket | 2025-04-03 | 4.6 MEDIUM | N/A |
| ExoticSoft FilePocket 1.2 stores sensitive proxy information, including proxy passwords, in plaintext in the registry, which allows local users to gain privileges. | |||||
| CVE-2004-0575 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
| Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation. | |||||
