Total
29834 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0932 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the "forgotten password" feature, or (3) the domain name in a package order. | |||||
| CVE-2005-4734 | 1 Rsa | 1 Authentication Agent For Web | 2025-04-03 | 6.4 MEDIUM | N/A |
| Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method. | |||||
| CVE-2003-0823 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. | |||||
| CVE-2001-0119 | 3 Immunix, Mandrakesoft, Redhat | 3 Immunix, Mandrake Linux, Linux | 2025-04-03 | 1.2 LOW | N/A |
| getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-0875 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. | |||||
| CVE-2001-0162 | 1 Microsoft | 1 Windows Embedded Compact | 2025-04-03 | 7.5 HIGH | N/A |
| WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. | |||||
| CVE-1999-0297 | 5 Bsdi, Freebsd, Netbsd and 2 more | 5 Bsd Os, Freebsd, Netbsd and 2 more | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable. | |||||
| CVE-2005-4736 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 6.8 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks. | |||||
| CVE-2006-4024 | 1 Festalon | 1 Festalon | 2025-04-03 | 7.5 HIGH | N/A |
| The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow. | |||||
| CVE-2006-1263 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2001-1393 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang). | |||||
| CVE-2004-1481 | 1 Realnetworks | 3 Helix Player, Realone Player, Realplayer | 2025-04-03 | 5.1 MEDIUM | N/A |
| Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow. | |||||
| CVE-2001-0722 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 6.4 MEDIUM | N/A |
| Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability." | |||||
| CVE-2004-0525 | 1 Hp | 1 Integrated Lights-out Firmware | 2025-04-03 | 5.0 MEDIUM | N/A |
| HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero. | |||||
| CVE-2002-1936 | 1 Utstarcom | 1 Bas 1000 | 2025-04-03 | 7.5 HIGH | N/A |
| UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a password of "snmp", or (4) dbase account with a password of "dbase". | |||||
| CVE-2004-1876 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 4.6 MEDIUM | N/A |
| The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name. | |||||
| CVE-2002-0807 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | |||||
| CVE-2005-0884 | 1 Digitalhive | 1 Digitalhive | 2025-04-03 | 7.5 HIGH | N/A |
| DigitalHive 2.0 allows remote attackers to re-install the product by directly accessing the install script. | |||||
| CVE-2005-4821 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 and earlier allow remote attackers to execute arbitrary SQL commands via parameters including (1) the m parameter in auth.php, (2) the f parameter in events.php, or (3) the e parameter in plug.php. | |||||
| CVE-2006-0455 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 4.6 MEDIUM | N/A |
| gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify". | |||||