Total: 29559 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0665 | 1 John Bradley | 1 Xv | 2025-04-03 | 5.1 MEDIUM | N/A |
Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename. | |||||
CVE-2004-1669 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html. | |||||
CVE-2003-0370 | 4 Apple, Kde, Redhat and 1 more | 6 Safari, Kde, Konqueror Embedded and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. | |||||
CVE-1999-0920 | 1 University Of Washington | 2 Imap, Pop2d | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command. | |||||
CVE-2002-2026 | 1 Browseftp | 1 Browseftp Client | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to execute arbitrary code via a long FTP "220" message reply. | |||||
CVE-2006-4328 | 1 Cloudnine Interactive | 1 Links Manager | 2025-04-03 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. | |||||
CVE-2002-0891 | 1 Juniper | 1 Netscreen Screenos | 2025-04-03 | 5.0 MEDIUM | N/A |
The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name. | |||||
CVE-2002-0588 | 1 Steve Korbett | 1 Pvote | 2025-04-03 | 5.0 MEDIUM | N/A |
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php. | |||||
CVE-2000-0251 | 1 Hp | 2 Hp-ux, Vvos | 2025-04-03 | 5.0 MEDIUM | N/A |
HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses. | |||||
CVE-2005-2982 | 1 Compaq | 1 Compaqhttpserver | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. | |||||
CVE-2002-1770 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 5.0 MEDIUM | N/A |
Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer. | |||||
CVE-2000-0134 | 1 Adgrafix Corporation | 1 Check It Out | 2025-04-03 | 7.5 HIGH | N/A |
The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
CVE-2006-4232 | 1 Globus | 1 Globus Toolkit | 2025-04-03 | 1.2 LOW | N/A |
Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access. | |||||
CVE-2000-0859 | 1 Gordano | 1 Ntmail | 2025-04-03 | 5.0 MEDIUM | N/A |
The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests. | |||||
CVE-2003-0262 | 1 Leksbot | 1 Leksbot | 2025-04-03 | 7.2 HIGH | N/A |
leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have. | |||||
CVE-2005-1376 | 1 Claroline | 1 Claroline | 2025-04-03 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files. | |||||
CVE-2004-2636 | 1 Rit Research Labs | 1 Tinyweb | 2025-04-03 | 5.0 MEDIUM | N/A |
TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL. | |||||
CVE-2003-0634 | 1 Oracle | 2 Oracle8i, Oracle9i | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. | |||||
CVE-2005-4248 | 1 Quickpaypro | 1 Quickpaypro | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php. | |||||
CVE-2000-0604 | 1 Redhat | 1 Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp. |