Total: 29817 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0095 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key. | |||||
| CVE-2004-1935 | 1 Sct Corporation | 1 Campus Pipeline | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment. | |||||
| CVE-2005-2056 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 2.6 LOW | N/A |
| The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive. | |||||
| CVE-2005-2585 | 1 Mentor | 1 Adslfr4ii | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan. | |||||
| CVE-2005-0285 | 1 Bottomline | 1 Webseries Payment Application | 2025-04-03 | 4.6 MEDIUM | N/A |
| Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs. | |||||
| CVE-2003-0514 | 1 Apple | 1 Safari | 2025-04-03 | 7.5 HIGH | N/A |
| Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | |||||
| CVE-2005-4607 | 1 Incogen | 1 Bugport | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ids[0], (2) action, (3) report_id, (4) devWherePair[1][1], and (5) binds[0] parameters. | |||||
| CVE-2006-4161 | 1 Xennobb | 1 Xennobb | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the avatar_gallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the category parameter. | |||||
| CVE-1999-0940 | 1 Mutt | 1 Mutt Mail Client | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages. | |||||
| CVE-2002-0571 | 1 Oracle | 1 Oracle9i | 2025-04-03 | 7.5 HIGH | N/A |
| Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. | |||||
| CVE-2003-0778 | 1 Sane | 2 Sane, Sane-backend | 2025-04-03 | 5.0 MEDIUM | N/A |
| saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption). | |||||
| CVE-2005-4204 | 1 Logisphere | 1 Logisphere | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct from the msg DoS. | |||||
| CVE-2000-0898 | 1 Max Feoktistov | 1 Small Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file. | |||||
| CVE-2006-2990 | 1 Vanillasoft | 1 Vanillasoft Helpdesk | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2001-0325 | 1 Qnx | 1 Rtp | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large number of arguments to the stat command. | |||||
| CVE-1999-0147 | 1 University Of Arizona | 2 Glimpse Http, Webglimpse | 2025-04-03 | 7.5 HIGH | N/A |
| The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands. | |||||
| CVE-2002-1959 | 1 Nagios | 1 Nagios | 2025-04-03 | 10.0 HIGH | N/A |
| Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output. | |||||
| CVE-2006-0548 | 1 Oracle | 1 Database Server | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB15 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. | |||||
| CVE-2005-4003 | 1 Asps | 1 Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. NOTE: the original disclosure was specifically only for an XSS issue, but the CVE description was for SQL injection. Since the original disclosure, SQL injection vectors have been reported. This CVE might be REJECTed or significantly altered pending additional information. | |||||
| CVE-2005-1133 | 1 Ibm | 1 Iseries As 400 | 2025-04-03 | 5.0 MEDIUM | N/A |
| The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | |||||
