Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0638 | 1 Novell | 1 Ichain | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login." | |||||
| CVE-2005-4256 | 1 Asp-dev | 1 Xm Forum | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. In addition, its accuracy is in question because "forum_title" does not appear to be specified in the source code for XM Forum RC3. It is possible, but not certain, that this is CVE-2004-2211. | |||||
| CVE-1999-1280 | 1 Hummingbird | 1 Exceed | 2025-04-03 | 7.5 HIGH | N/A |
| Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file. | |||||
| CVE-2004-0491 | 1 Redhat | 1 Enterprise Linux | 2025-04-03 | 2.1 LOW | N/A |
| The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit. | |||||
| CVE-2005-3360 | 1 Trend Micro | 1 Pc-cillin 2005 | 2025-04-03 | 7.2 HIGH | N/A |
| The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which allows local users to cause a denial of service (disabled service) and gain system privileges by modifying or moving critical program files. | |||||
| CVE-2002-0388 | 1 Gnu | 1 Mailman | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. | |||||
| CVE-2005-1750 | 1 Distinct Web Creations | 1 Newsletterez | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2005-4346 | 1 Anthony Boyd | 1 Phpbb Blog | 2025-04-03 | 5.0 MEDIUM | N/A |
| Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was originally claimed to be SQL injection, but a cleansing step strips all non-digit characters and leaves an empty permalink argument, which leads to the syntax error. | |||||
| CVE-2004-0164 | 1 Kame | 1 Racoon | 2025-04-03 | 5.0 MEDIUM | N/A |
| KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c. | |||||
| CVE-2006-2210 | 1 321soft | 1 Php-gallery | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability. | |||||
| CVE-2001-1392 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers. | |||||
| CVE-2005-1769 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message. | |||||
| CVE-2006-3302 | 1 Cbsms | 1 Mambo Module | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2005-2184 | 1 Emc | 1 Eroom | 2025-04-03 | 7.5 HIGH | N/A |
| eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file. | |||||
| CVE-2006-1921 | 1 Php Net Tools | 1 Php Net Tools | 2025-04-03 | 6.4 MEDIUM | N/A |
| nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. | |||||
| CVE-2006-3287 | 1 Cisco | 1 Wireless Control System | 2025-04-03 | 7.5 HIGH | N/A |
| Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). | |||||
| CVE-2006-4665 | 1 Mkportal | 1 Mkportal | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information. | |||||
| CVE-2006-1344 | 1 Verisign | 1 Mpki | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTML_FILE parameter. | |||||
| CVE-1999-1285 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed. | |||||
| CVE-2001-0513 | 1 Oracle | 1 Oracle9i | 2025-04-03 | 5.0 MEDIUM | N/A |
| Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port. | |||||