Total
11775 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3633 | 1 Ossp | 1 Shiela | 2025-04-03 | 6.5 MEDIUM | N/A |
| OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a filename that is committed. | |||||
| CVE-2002-2328 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.1 HIGH | N/A |
| Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request. | |||||
| CVE-2006-3281 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear. | |||||
| CVE-2004-1928 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-03 | 7.5 HIGH | N/A |
| The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL. | |||||
| CVE-2005-3946 | 1 Opera | 1 Opera Browser | 2025-04-03 | 5.0 MEDIUM | N/A |
| Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class. | |||||
| CVE-2003-1490 | 1 Sonicwall | 3 Pro100, Pro200, Pro300 | 2025-04-03 | 7.8 HIGH | N/A |
| SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. | |||||
| CVE-2003-1405 | 1 Dotbr | 1 Botbr | 2025-04-03 | 7.5 HIGH | N/A |
| DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3. | |||||
| CVE-2002-2228 | 1 Mailscanner | 1 Mailscanner | 2025-04-03 | 6.4 MEDIUM | N/A |
| MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner. | |||||
| CVE-2005-4846 | 1 Spey | 1 Spey | 2025-04-03 | 4.3 MEDIUM | N/A |
| Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call. | |||||
| CVE-2003-1440 | 1 Burton Computer Corporation | 1 Spamprobe | 2025-04-03 | 4.3 MEDIUM | N/A |
| SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions. | |||||
| CVE-2006-4936 | 1 Moodle | 1 Moodle | 2025-04-03 | 10.0 HIGH | N/A |
| Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors. | |||||
| CVE-2006-4468 | 1 Joomla | 1 Joomla\! | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module. | |||||
| CVE-2003-1485 | 1 Clearswift | 1 Mailsweeper | 2025-04-03 | 5.0 MEDIUM | N/A |
| Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space." | |||||
| CVE-2003-1365 | 1 Perl | 1 Cgi Lite | 2025-04-03 | 5.0 MEDIUM | N/A |
| The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs. | |||||
| CVE-2002-0146 | 1 Fetchmail | 1 Fetchmail | 2025-04-03 | 5.0 MEDIUM | N/A |
| fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array. | |||||
| CVE-2002-2415 | 1 Alliedtelesyn | 2 At-8024, Rapier 24 | 2025-04-03 | 6.8 MEDIUM | N/A |
| Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service. | |||||
| CVE-2004-2596 | 1 Id Software | 1 Quake Ii Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address. | |||||
| CVE-2002-1663 | 1 Monkey-project | 1 Monkey | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value. | |||||
| CVE-2000-0380 | 1 Cisco | 1 Ios | 2025-04-03 | 7.1 HIGH | N/A |
| The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. | |||||
| CVE-2004-0840 | 1 Microsoft | 3 Exchange Server, Windows Server 2003, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
| The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. | |||||