Total
29823 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0978 | 1 Argosoft | 1 Argosoft Mail Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers. | |||||
| CVE-2001-1278 | 1 Zope | 1 Zope | 2025-04-03 | 7.5 HIGH | N/A |
| Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. | |||||
| CVE-2004-0632 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-03 | 7.5 HIGH | N/A |
| Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow. | |||||
| CVE-2006-4718 | 1 Korviblog | 1 Korviblog | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters. | |||||
| CVE-2000-0665 | 1 Gamsoft | 1 Telsrv | 2025-04-03 | 5.0 MEDIUM | N/A |
| GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username. | |||||
| CVE-2003-0708 | 1 Tomi Manninen | 1 Linuxnode | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-1999-0148 | 1 Sgi | 1 Irix | 2025-04-03 | 7.5 HIGH | N/A |
| The handler CGI program in IRIX allows arbitrary command execution. | |||||
| CVE-2001-1175 | 1 Andries Brouwer | 1 Util-linux | 2025-04-03 | 7.2 HIGH | N/A |
| vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing. | |||||
| CVE-2000-0086 | 1 Netopia | 1 Timbuktu Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing. | |||||
| CVE-2002-1015 | 1 Realnetworks | 3 Realjukebox 2, Realjukebox 2 Plus, Realone Player | 2025-04-03 | 7.5 HIGH | N/A |
| RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers. | |||||
| CVE-2005-1235 | 1 Phpbb Group | 1 Phpbb-auction | 2025-04-03 | 5.0 MEDIUM | N/A |
| auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message. | |||||
| CVE-2001-1104 | 1 Sonicwall | 2 Soho, Soho Firmware | 2025-04-03 | 7.5 HIGH | N/A |
| SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. | |||||
| CVE-2005-1740 | 1 Net-snmp | 1 Net-snmp | 2025-04-03 | 10.0 HIGH | N/A |
| fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack. | |||||
| CVE-2006-1239 | 1 Countersoft | 1 Gemini | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in Gemini 2.0 allows remote attackers to inject arbitrary web script or HTML via the rtcDescription$RadEditor1 field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2004-1999 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php. | |||||
| CVE-1999-0326 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
| Vulnerability in HP-UX mediainit program. | |||||
| CVE-2002-0147 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." | |||||
| CVE-2003-0540 | 2 Conectiva, Wietse Venema | 2 Linux, Postfix | 2025-04-03 | 5.0 MEDIUM | N/A |
| The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. | |||||
| CVE-2006-0234 | 1 Microblog | 1 Microblog | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. | |||||
| CVE-2002-1691 | 1 Alcatel-lucent | 1 Omnipcx | 2025-04-03 | 10.0 HIGH | N/A |
| Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access. | |||||