Total
29867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0176 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan. | |||||
| CVE-2004-2000 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php. | |||||
| CVE-2006-2274 | 1 Lksctp | 1 Stream Control Transmission Protocol | 2025-04-03 | 5.0 MEDIUM | N/A |
| Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function. | |||||
| CVE-2005-4683 | 1 Padl Software | 1 Migrationtools | 2025-04-03 | 2.1 LOW | N/A |
| PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh. | |||||
| CVE-2004-2335 | 1 Macromedia | 2 Contribute, Studio | 2025-04-03 | 7.2 HIGH | N/A |
| The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program. | |||||
| CVE-2006-3334 | 1 Greg Roelofs | 1 Libpng | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". | |||||
| CVE-2000-0595 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
| libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory. | |||||
| CVE-2006-4281 | 1 Arthur Konze Webdesign | 1 Akocomment | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-1999-0061 | 4 Bsdi, Freebsd, Linux and 1 more | 4 Bsd Os, Freebsd, Linux Kernel and 1 more | 2025-04-03 | 5.1 MEDIUM | N/A |
| File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). | |||||
| CVE-2003-0558 | 1 Leapware | 1 Leapftp | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to execute arbitrary code via a long IP address response to a PASV request. | |||||
| CVE-2003-0275 | 1 Yabb | 1 Yabb | 2025-04-03 | 5.1 MEDIUM | N/A |
| SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2006-4424 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter. | |||||
| CVE-2005-2996 | 1 Symantec Veritas | 2 Storage Exec, Storagecentral | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple heap-based and stack-based buffer overflows in certain DCOM server components in VERITAS Storage Exec Storage Exec 5.3 before Hotfix 9 and StorageCentral 5.2 before Hot Fix 2 allow remote attackers to execute arbitrary code via certain ActiveX controls. | |||||
| CVE-2006-4569 | 1 Mozilla | 1 Firefox | 2025-04-03 | 2.6 LOW | N/A |
| The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2004-2411 | 1 Virtual Programming | 1 Vp-asp | 2025-04-03 | 4.3 MEDIUM | N/A |
| The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors. | |||||
| CVE-2003-0822 | 1 Microsoft | 4 Frontpage Server Extensions, Sharepoint Team Services, Windows 2000 and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request. | |||||
| CVE-2006-4032 | 1 Cisco | 1 Callmanager Express | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | |||||
| CVE-2005-0962 | 1 Lighthouse Development | 1 Squirrelcart | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action. | |||||
| CVE-2006-0197 | 1 X.org | 1 X.org | 2025-04-03 | 5.0 MEDIUM | N/A |
| The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks. | |||||
| CVE-1999-1168 | 1 Iss | 1 Internet Security Scanner | 2025-04-03 | 7.2 HIGH | N/A |
| install.iss installation script for Internet Security Scanner (ISS) for Linux, version 5.3, allows local users to change the permissions of arbitrary files via a symlink attack on a temporary file. | |||||