Total: 29802 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1043 | 6 Apple, Conectiva, Peachtree and 3 more | 7 Mac Os X, Mac Os X Server, Linux and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. | |||||
| CVE-2001-0420 | 1 Way To The Web | 1 Talkback | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter. | |||||
| CVE-2001-1458 | 1 Novell | 1 Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character. | |||||
| CVE-2005-1739 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2025-04-03 | 5.0 MEDIUM | N/A |
| The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask. | |||||
| CVE-1999-0771 | 1 Compaq | 2 Insight Management Agent, Power Management | 2025-04-03 | 5.0 MEDIUM | N/A |
| The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2006-0939 | 1 Dci-designs | 1 Dci-taskeen | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php. | |||||
| CVE-2005-3457 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS. | |||||
| CVE-2002-0735 | 2 C-note, Padl Software | 3 Squid Auth Ldap, Nss Ldap, Pam Ldap | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages. | |||||
| CVE-2005-2765 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
| The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the vendor disputes this issue, saying that since administrative privileges are already required, it is not a vulnerability. CVE has not yet formally decided if such "information hiding" issues should be included. | |||||
| CVE-2004-2163 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 7.5 HIGH | N/A |
| login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies. | |||||
| CVE-2001-0538 | 1 Microsoft | 1 Outlook | 2025-04-03 | 10.0 HIGH | N/A |
| Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page. | |||||
| CVE-2006-3247 | 1 Gl-sh | 1 Deaf Forum | 2025-04-03 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL-SH Deaf Forum 6.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) page, and (3) action parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-1999-0009 | 11 Bsdi, Caldera, Data General and 8 more | 13 Bsd Os, Openlinux, Dg Ux and 10 more | 2025-04-03 | 10.0 HIGH | N/A |
| Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. | |||||
| CVE-2003-0928 | 1 Clearswift | 1 Mailsweeper | 2025-04-03 | 7.5 HIGH | N/A |
| Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy. | |||||
| CVE-2005-2207 | 1 Elemental Software | 1 Cartwiz | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2002-1145 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 10.0 HIGH | N/A |
| The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. | |||||
| CVE-2000-0595 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
| libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory. | |||||
| CVE-2003-0109 | 1 Microsoft | 2 Windows 2000, Windows 2000 Terminal Services | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0. | |||||
| CVE-2005-4144 | 1 Lyris | 1 List Manager | 2025-04-03 | 7.5 HIGH | N/A |
| Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace. | |||||
| CVE-2006-3367 | 1 Mp3netbox | 1 Mp3netbox | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
