Total
29810 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0606 | 2 Cvsup, Sup | 2 Cvsup-mirror, Sup | 2025-04-03 | 4.6 MEDIUM | N/A |
| sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | |||||
| CVE-2000-0329 | 1 Microsoft | 4 Ie, Internet Explorer, Outlook and 1 more | 2025-04-03 | 5.1 MEDIUM | N/A |
| A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. | |||||
| CVE-2006-4001 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2025-04-03 | 7.5 HIGH | N/A |
| Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password. | |||||
| CVE-2006-3454 | 1 Symantec | 2 Client Security, Norton Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. | |||||
| CVE-2001-0630 | 1 Mimanet | 1 Source Viewer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable. | |||||
| CVE-2002-1929 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions. | |||||
| CVE-2004-2360 | 1 Targem Games | 1 Battle Mages | 2025-04-03 | 5.0 MEDIUM | N/A |
| Targem Battle Mages 1.0 allows remote attackers to cause a denial of service (infinite loop) via a UDP packet with incomplete data, which causes the server to enter an infinite loop while waiting to read the rest of the data that is not sent. | |||||
| CVE-1999-1539 | 1 Qpc Software | 2 Qvt Net, Qvt Term Plus | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions 4.2d and 4.3 and QVT/Net 4.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long (1) user name or (2) password. | |||||
| CVE-1999-0473 | 1 Andrew Tridgell | 1 Rsync | 2025-04-03 | 2.1 LOW | N/A |
| The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred. | |||||
| CVE-2005-4519 | 1 Mantis | 1 Mantis | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php. | |||||
| CVE-2002-0932 | 1 Luis Bernardo | 1 Myhelpdesk | 2025-04-03 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog. | |||||
| CVE-2001-1413 | 1 Ncompress | 1 Ncompress | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument. | |||||
| CVE-2006-3917 | 1 R. Corson | 1 Php Forge | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/gabarits.php in R. Corson PHP Forge 3 beta 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg_racine parameter. | |||||
| CVE-2006-3471 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method. | |||||
| CVE-2005-3927 | 1 Guppy | 1 Guppy | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php. | |||||
| CVE-2006-1354 | 1 Freeradius | 1 Freeradius | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. | |||||
| CVE-2000-0020 | 1 Man And Mice | 1 Dns Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
| DNS PRO allows remote attackers to conduct a denial of service via a large number of connections. | |||||
| CVE-2000-0412 | 1 Napster | 1 Knapster | 2025-04-03 | 7.5 HIGH | N/A |
| The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file. | |||||
| CVE-2000-1064 | 1 Hp | 1 Jetdirect | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
| CVE-2002-2141 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions. | |||||