Total
29809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0799 | 1 Youngzsoft | 1 Cmailserver | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument. | |||||
| CVE-2006-2023 | 1 Ls3 | 1 Fenice | 2025-04-03 | 5.0 MEDIUM | N/A |
| Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access. | |||||
| CVE-1999-0101 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names. | |||||
| CVE-2006-0908 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter. | |||||
| CVE-1999-1193 | 1 Next | 1 Next | 2025-04-03 | 10.0 HIGH | N/A |
| The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root. | |||||
| CVE-2002-0126 | 1 Selom Ofori | 1 Blackmoon Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote attackers to execute arbitrary code via a long argument to (1) USER, (2) PASS, or (3) CWD. | |||||
| CVE-2004-1902 | 1 Citrix | 1 Metaframe Password Manager | 2025-04-03 | 2.1 LOW | N/A |
| The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information. | |||||
| CVE-2005-3473 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or (4) scheme_name parameter and (5) bg_color parameters (involving the preset_name and result variables) in (c) colors.php. | |||||
| CVE-2002-1158 | 1 Canna | 1 Canna | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user. | |||||
| CVE-2005-1358 | 1 Text.cgi | 1 Text.cgi | 2025-04-03 | 7.5 HIGH | N/A |
| text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | |||||
| CVE-2004-1051 | 5 Debian, Mandrakesoft, Todd Miller and 2 more | 7 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 4 more | 2025-04-03 | 7.2 HIGH | N/A |
| sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. | |||||
| CVE-2002-1187 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource. | |||||
| CVE-2000-0225 | 1 Deti Fliegl | 1 Poc32 | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled. | |||||
| CVE-2006-4737 | 1 Jetbox | 1 Jetbox Cms | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter. NOTE: The view vector is already covered by CVE-2006-3586.2. | |||||
| CVE-2004-0563 | 1 Freenet6 | 1 Freenet6 | 2025-04-03 | 2.1 LOW | N/A |
| The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password. | |||||
| CVE-2005-1033 | 1 Devellion | 1 Cubecart | 2025-04-03 | 5.0 MEDIUM | N/A |
| CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0936 | 1 Esmi | 1 Paypal Storefront | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2005-2844 | 1 Indiatimes Messenger | 1 Indiatimes Messenger | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object. | |||||
| CVE-2001-0379 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
| Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights. | |||||
| CVE-2002-0006 | 1 Xchat | 1 Xchat | 2025-04-03 | 7.5 HIGH | N/A |
| XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set. | |||||