Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0110 | 1 Baron Consulting Group | 1 Websitetool | 2025-04-03 | 7.5 HIGH | N/A |
| The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
| CVE-2005-1331 | 1 Apple | 3 Applescript, Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
| The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs. | |||||
| CVE-2003-0576 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619. | |||||
| CVE-2001-0879 | 1 Microsoft | 4 Sql Server, Windows 2000, Windows Nt and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. | |||||
| CVE-2003-0092 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable. | |||||
| CVE-2006-0395 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
| The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types. | |||||
| CVE-2004-0370 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
| The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic. | |||||
| CVE-2002-0825 | 1 Padl Software | 1 Nss Ldap | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2006-3256 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | |||||
| CVE-2006-1543 | 1 Vscripts | 1 Vnews | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and the (2) news and (3) nom parameters in (b) news.php. | |||||
| CVE-2002-0857 | 1 Oracle | 2 Database Server, Oracle8i | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file. | |||||
| CVE-2001-0698 | 1 Netwin | 1 Surgeftp | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command. | |||||
| CVE-2004-0653 | 1 Sun | 1 Solaris | 2025-04-03 | 2.1 LOW | N/A |
| Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files. | |||||
| CVE-2003-0994 | 1 Symantec | 4 Norton Antivirus, Norton Internet Security, Norton System Works and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
| The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges. | |||||
| CVE-1999-0414 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
| In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. | |||||
| CVE-2000-0575 | 1 Ssh | 1 Ssh | 2025-04-03 | 7.2 HIGH | N/A |
| SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS. | |||||
| CVE-2005-1887 | 1 Sun | 1 Solaris | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges. | |||||
| CVE-2000-0193 | 1 Corel | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
| The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges. | |||||
| CVE-2002-1858 | 1 Oracle | 1 Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | |||||
| CVE-2002-0643 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System." | |||||