Total
29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2081 | 1 Oracle | 1 Database Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not related to special characters, so this is not "SQL injection" per se. | |||||
| CVE-2006-2463 | 1 Out Of The Trees Web Design | 1 Selectapix | 2025-04-03 | 5.0 MEDIUM | N/A |
| view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter. | |||||
| CVE-2004-1702 | 1 Gnu | 1 Cfengine | 2025-04-03 | 5.0 MEDIUM | N/A |
| The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2001-0664 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability." | |||||
| CVE-2004-1184 | 4 Gnu, Redhat, Sgi and 1 more | 4 Enscript, Fedora Core, Propack and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A |
| The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2005-3889 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 7.8 HIGH | N/A |
| Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code of 6 or 7, which triggers a large number of popup windows to the user and creates a large number of threads. | |||||
| CVE-2000-0640 | 1 Steve Poulsen | 1 Guildftpd | 2025-04-03 | 7.5 HIGH | N/A |
| Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not. | |||||
| CVE-2006-3812 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
| Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links. | |||||
| CVE-2006-0457 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.1 HIGH | N/A |
| Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory. | |||||
| CVE-2006-2975 | 1 Pbl Guestbook | 1 Pbl Guestbook | 2025-04-03 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameter, which bypasses XSS protection mechanisms that check for SCRIPT tags but not IMG. NOTE: portions of this description's details are obtained from third party information. | |||||
| CVE-2003-1267 | 1 Steve Poulsen | 1 Guildftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
| GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1. | |||||
| CVE-2005-0804 | 1 Mailenable | 1 Mailenable Standard | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in MailEnable 1.8 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the mailto field. | |||||
| CVE-2006-3118 | 1 Canonical | 1 Spread | 2025-04-03 | 1.2 LOW | N/A |
| spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue. | |||||
| CVE-2000-0107 | 1 Debian | 1 Debian Linux | 2025-04-03 | 7.2 HIGH | N/A |
| Linux apcd program allows local attackers to modify arbitrary files via a symlink attack. | |||||
| CVE-2003-0561 | 1 Iglooftp | 1 Iglooftp Pro | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands. | |||||
| CVE-2001-0349 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.2 HIGH | N/A |
| Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability. | |||||
| CVE-1999-1571 | 1 Sco | 1 Openserver | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may allow local users to gain root privileges via a long -f parameter, a different vulnerability than CVE-1999-1570. | |||||
| CVE-2006-2203 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter." | |||||
| CVE-2004-2425 | 1 Axis | 14 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 11 more | 2025-04-03 | 7.5 HIGH | N/A |
| Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi. | |||||
| CVE-1999-0716 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. | |||||