Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0653 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability. | |||||
| CVE-2004-2067 | 1 Jaws | 1 Jaws | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters. | |||||
| CVE-2006-4197 | 1 Musicbrainz | 2 Libmusicbrainz, Libmusicbrainz Svn | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c. | |||||
| CVE-2006-4913 | 1 Alstrasoft | 1 E-friends | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file. | |||||
| CVE-2002-0423 | 1 Efingerd | 1 Efingerd | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup. | |||||
| CVE-2003-0802 | 1 Nokia | 1 Electronic Documentation | 2025-04-03 | 5.0 MEDIUM | N/A |
| Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot). | |||||
| CVE-2006-1334 | 1 Maian Script World | 1 Maian Weblog | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php. | |||||
| CVE-2002-1493 | 1 Lycos | 1 Htmlgear Guestgear | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag. | |||||
| CVE-2002-1400 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string. | |||||
| CVE-2002-0706 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2025-04-03 | 7.5 HIGH | N/A |
| UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function. | |||||
| CVE-2005-4783 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 2.1 LOW | N/A |
| kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory. | |||||
| CVE-2005-0410 | 1 Citrusdb | 1 Citrusdb | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file. | |||||
| CVE-2000-0311 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 2.1 LOW | N/A |
| The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability. | |||||
| CVE-2001-0958 | 1 Trend Micro | 2 Interscan Emanager, Interscan Viruswall | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll. | |||||
| CVE-1999-0356 | 2025-04-03 | 10.0 HIGH | N/A | ||
| ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book. | |||||
| CVE-2005-0392 | 1 Debian | 1 Ppxp | 2025-04-03 | 7.2 HIGH | N/A |
| ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands. | |||||
| CVE-2006-4546 | 1 Lyris | 1 List Manager | 2025-04-03 | 6.5 MEDIUM | N/A |
| Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter. | |||||
| CVE-2002-0592 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 7.5 HIGH | N/A |
| AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user. | |||||
| CVE-2004-0584 | 1 Horde | 1 Imp | 2025-04-03 | 6.8 MEDIUM | N/A |
| Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2005-1492 | 1 Gossamer Threads | 2 Gossamer Threads Links, Gossamer Threads Links-sql | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||