Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3400 | 2 Id Software, Raven Software | 2 Quake 3 Engine, Soldier Of Fortune 2 | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server. | |||||
| CVE-2005-4168 | 1 Efiction Project | 1 Efiction | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the username. | |||||
| CVE-2006-0971 | 1 Lionel Reyero | 1 Directcontact | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2004-0690 | 1 Kde | 1 Kde | 2025-04-03 | 4.6 MEDIUM | N/A |
| The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory. | |||||
| CVE-2000-1203 | 1 Lotus | 1 Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
| Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop. | |||||
| CVE-2003-1280 | 1 Eekim | 1 Cgihtml | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads. | |||||
| CVE-2003-0009 | 1 Microsoft | 2 Windows Me, Windows Xp | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter. | |||||
| CVE-2002-0578 | 1 Aci | 1 4d Webserver | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password. | |||||
| CVE-2004-1690 | 1 Rhinosoft | 1 Dns4me | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL. | |||||
| CVE-2005-3424 | 1 Gnu | 1 Gnump3d | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. | |||||
| CVE-2003-1150 | 1 Novell | 2 Netware, Zenworks Desktops | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors. | |||||
| CVE-2004-2085 | 1 Brad Fears | 1 Phpcodecabinet | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php. | |||||
| CVE-2005-3743 | 1 Simplepoll | 1 Simplepoll | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in results.php in SimplePoll allows remote attackers to execute arbitrary SQL commands via the pollid parameter. | |||||
| CVE-2002-0037 | 1 Ibm | 1 Lotus Domino Server | 2025-04-03 | 7.5 HIGH | N/A |
| Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object. | |||||
| CVE-2005-2057 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php. | |||||
| CVE-2002-2097 | 1 Maradns | 1 Maradns | 2025-04-03 | 5.0 MEDIUM | N/A |
| The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets. | |||||
| CVE-2001-0392 | 1 Navision | 1 Financials Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash. | |||||
| CVE-2005-4270 | 1 Watchfire | 1 Appscan Qa | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field. | |||||
| CVE-1999-0206 | 1 Eric Allman | 1 Sendmail | 2025-04-03 | 10.0 HIGH | N/A |
| MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. | |||||
| CVE-2006-4754 | 1 Comscripts | 1 Phprog | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message. | |||||