Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2446 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.4 MEDIUM | N/A |
| Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite. | |||||
| CVE-2005-0541 | 1 Cyclades | 1 Alterpath Manager | 2025-04-03 | 7.5 HIGH | N/A |
| consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter. | |||||
| CVE-1999-0286 | 2025-04-03 | 10.0 HIGH | N/A | ||
| In some NT web servers, appending a space at the end of a URL may allow attackers to read source code for active pages. | |||||
| CVE-2005-4130 | 1 Realnetworks | 1 Realplayer | 2025-04-03 | 7.5 HIGH | N/A |
| ** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED. | |||||
| CVE-2000-0884 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. | |||||
| CVE-2006-1025 | 1 Addsoft | 1 Storebot | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2004-2219 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. | |||||
| CVE-2001-0354 | 1 Thenet | 1 Checkbo | 2025-04-03 | 5.0 MEDIUM | N/A |
| TheNet CheckBO 1.56 allows remote attackers to cause a denial of service via a flood of characters to the TCP ports which it is listening on. | |||||
| CVE-2001-1440 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system. | |||||
| CVE-2005-2110 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
| WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1. | |||||
| CVE-2002-0605 | 1 Macromedia | 1 Flash Player | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter. | |||||
| CVE-1999-1582 | 1 Cisco | 1 Pix Firewall | 2025-04-03 | 7.5 HIGH | N/A |
| By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality. | |||||
| CVE-2003-0871 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system." | |||||
| CVE-2005-0300 | 1 Jsboard | 1 Jsboard | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the table parameter. | |||||
| CVE-2006-2771 | 1 Hogstorps | 1 Hogstorp Guestbook | 2025-04-03 | 6.4 MEDIUM | N/A |
| admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter. | |||||
| CVE-2006-2914 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, (3) and pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory. | |||||
| CVE-1999-0497 | 2025-04-03 | N/A | N/A | ||
| Anonymous FTP is enabled. | |||||
| CVE-2006-0650 | 1 Cpaint | 1 Cpaint | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag. | |||||
| CVE-2006-1844 | 1 Debian | 2 Base-config, Shadow | 2025-04-03 | 2.1 LOW | N/A |
| The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. | |||||
| CVE-2005-3846 | 1 Fscripts | 1 Fantastic News | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||