Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2650 | 1 Apache | 1 James | 2025-04-03 | 4.9 MEDIUM | N/A |
| Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak. | |||||
| CVE-2006-3509 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
| Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames. | |||||
| CVE-2004-2360 | 1 Targem Games | 1 Battle Mages | 2025-04-03 | 5.0 MEDIUM | N/A |
| Targem Battle Mages 1.0 allows remote attackers to cause a denial of service (infinite loop) via a UDP packet with incomplete data, which causes the server to enter an infinite loop while waiting to read the rest of the data that is not sent. | |||||
| CVE-2002-0811 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi. | |||||
| CVE-2006-4331 | 1 Wireshark | 1 Wireshark | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. | |||||
| CVE-2006-0547 | 1 Oracle | 1 Database Server | 2025-04-03 | 7.5 HIGH | N/A |
| Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB18 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0265. | |||||
| CVE-2005-1314 | 1 Horde | 1 Kronolith | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2005-1427 | 1 Uapplication | 1 Uphotogallery | 2025-04-03 | 7.5 HIGH | N/A |
| Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb. | |||||
| CVE-2004-2256 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. | |||||
| CVE-2006-4628 | 1 Vcd-db | 1 Vcd-db | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments. | |||||
| CVE-2005-1846 | 1 Yamt | 1 Yamt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options. | |||||
| CVE-2002-1540 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
| The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32. | |||||
| CVE-2005-4820 | 1 Smc Networks | 1 Smc7904wbra | 2025-04-03 | 5.0 MEDIUM | N/A |
| SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) by flooding the router with traffic. | |||||
| CVE-2000-0758 | 1 Lyris | 1 List Manager | 2025-04-03 | 4.6 MEDIUM | N/A |
| The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field. | |||||
| CVE-2001-1475 | 1 Ssh | 1 Ssh | 2025-04-03 | 7.5 HIGH | N/A |
| SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated. | |||||
| CVE-2000-0677 | 1 Ibm | 1 Net.data | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. | |||||
| CVE-2005-3694 | 1 Centericq | 1 Centericq | 2025-04-03 | 7.8 HIGH | N/A |
| centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus. | |||||
| CVE-2005-4631 | 1 Ryan Lath | 1 Zina | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2005-3309 | 1 Zomplog | 1 Zomplog | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in detail.php and the catid parameter in (2) get.php and (3) index.php. | |||||
| CVE-2006-0610 | 1 2200net | 1 2200net Calendar | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php. | |||||