Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2277 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file. | |||||
| CVE-2004-1704 | 1 Wire Plastic Design | 1 Wpquiz | 2025-04-03 | 7.5 HIGH | N/A |
| WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory. | |||||
| CVE-2005-3884 | 1 Zainu | 1 Zainu | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php. | |||||
| CVE-2005-1766 | 1 Realnetworks | 1 Realplayer | 2025-04-03 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file. | |||||
| CVE-2006-0679 | 1 Francisco Burzi | 1 Php-nuke Ev | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). | |||||
| CVE-2004-1398 | 1 Roxio | 1 Toast | 2025-04-03 | 4.6 MEDIUM | N/A |
| Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument. | |||||
| CVE-2005-3864 | 1 Berlios | 1 Sourcewell | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2. | |||||
| CVE-2004-0106 | 2 Openbsd, Xfree86 Project | 2 Openbsd, X11r6 | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084. | |||||
| CVE-2003-1191 | 1 E107 | 1 E107 | 2025-04-03 | 5.0 MEDIUM | N/A |
| chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded. | |||||
| CVE-2006-3953 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. | |||||
| CVE-2004-0791 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. | |||||
| CVE-2003-0340 | 1 Demarc Security | 1 Puresecure | 2025-04-03 | 7.5 HIGH | N/A |
| Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges. | |||||
| CVE-1999-1531 | 1 Ibm | 1 Homepageprint | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag. | |||||
| CVE-2006-0341 | 1 Rockliffe | 1 Mailsite | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2002-0275 | 1 Blueface | 1 Falcon Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL. | |||||
| CVE-2004-1515 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php. | |||||
| CVE-2003-0180 | 1 Ibm | 1 Lotus Domino Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form. | |||||
| CVE-2003-0751 | 1 Py-membres | 1 Py-membres | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter. | |||||
| CVE-2000-0279 | 1 Be | 1 Beos | 2025-04-03 | 5.0 MEDIUM | N/A |
| BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers. | |||||
| CVE-2003-0814 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | |||||