Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0353 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine. | |||||
| CVE-2004-0692 | 1 Trolltech | 1 Qt | 2025-04-03 | 5.0 MEDIUM | N/A |
| The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. | |||||
| CVE-2000-0932 | 1 Clearswift | 1 Mailsweeper For Smtp | 2025-04-03 | 5.0 MEDIUM | N/A |
| MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service. | |||||
| CVE-2002-1598 | 1 Broadcom | 1 Mlink | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock. | |||||
| CVE-2006-3936 | 1 Alkacon | 1 Opencms | 2025-04-03 | 4.0 MEDIUM | N/A |
| system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp. | |||||
| CVE-2006-0217 | 1 Ultimate Auction | 1 Ultimate Auction | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1. | |||||
| CVE-2005-1437 | 1 Osticket | 1 Osticket | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php. | |||||
| CVE-2005-4858 | 1 Chitta | 1 Mimicboard 2 | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote document through the SRC attribute of an IFRAME element. | |||||
| CVE-2002-1608 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code. | |||||
| CVE-2003-0295 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability. | |||||
| CVE-2006-2797 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php. | |||||
| CVE-2006-4353 | 1 Sun | 1 Java System Content Delivery Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors. | |||||
| CVE-2003-0949 | 1 Michael Bischoff | 1 Xsok | 2025-04-03 | 4.6 MEDIUM | N/A |
| xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands. | |||||
| CVE-2003-0058 | 2 Mit, Sun | 4 Kerberos 5, Enterprise Authentication Mechanism, Solaris and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. | |||||
| CVE-2005-2029 | 1 Amarok | 1 Web Frontend | 2025-04-03 | 7.5 HIGH | N/A |
| amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file. | |||||
| CVE-2006-0315 | 1 Indexcor | 1 Ezdatabase | 2025-04-03 | 5.8 MEDIUM | N/A |
| index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure. | |||||
| CVE-2006-0336 | 1 Kerio | 1 Winroute Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
| Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web". | |||||
| CVE-2005-0105 | 1 Typespeed | 1 Typespeed | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in typespeed 0.4.1 and earlier allows local users to gain privileges. | |||||
| CVE-2001-0176 | 1 Voyant Technologies | 1 Sonata | 2025-04-03 | 7.2 HIGH | N/A |
| The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges. | |||||
| CVE-2006-1712 | 1 Gnu | 1 Mailman | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. | |||||