Total
29868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0568 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow. | |||||
| CVE-2005-2797 | 1 Openbsd | 1 Openssh | 2025-04-03 | 5.0 MEDIUM | N/A |
| OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. | |||||
| CVE-2005-4430 | 1 Logicnow | 1 Logicbill | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php. | |||||
| CVE-2000-1047 | 1 Lotus | 2 Domino Enterprise Server, Domino Mail Server | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command. | |||||
| CVE-2006-4375 | 1 Mambo | 1 Contacts Xtd Component | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined | |||||
| CVE-2003-0583 | 1 Tolis Group | 1 Bru | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2006-1687 | 1 Apt | 1 Apt-webshop-system | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality. | |||||
| CVE-2006-4853 | 1 Haberx | 1 Haberx | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp. | |||||
| CVE-2005-2777 | 1 Looking Glass | 1 Looking Glass | 2025-04-03 | 7.5 HIGH | N/A |
| Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field. | |||||
| CVE-2000-0375 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
| The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files. | |||||
| CVE-2006-1821 | 1 Modxcms | 1 Modxcms | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. | |||||
| CVE-2005-1137 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | 5.0 MEDIUM | N/A |
| Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message. | |||||
| CVE-2003-0842 | 1 Dag Apt Repository | 1 Mod Gzip | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an "Accept-Encoding: gzip" header. | |||||
| CVE-2001-0837 | 1 Deltathree | 1 Pc-to-phone | 2025-04-03 | 2.1 LOW | N/A |
| DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder. | |||||
| CVE-2000-1042 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function. | |||||
| CVE-2006-4322 | 1 Bits-dont-bite | 1 Estateagent | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2005-3201 | 1 Utopia Software | 1 Utopia News Pro | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary SQL via the newsid parameter. | |||||
| CVE-2006-2630 | 1 Symantec | 2 Client Security, Norton Antivirus | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2006-0349 | 1 Epic Designs | 1 Eggblog | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to blog.php. | |||||
| CVE-2006-3142 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. | |||||