Total: 29864 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0926 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
| Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets. | |||||
| CVE-2006-2765 | 1 Interlink Advantage | 1 Interlink Advantage | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in news_information.php in Interlink Advantage allows remote attackers to inject arbitrary web script or HTML via the flag parameter. | |||||
| CVE-2005-3556 | 1 Tincan | 1 Phplist | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php. | |||||
| CVE-2006-2340 | 1 Lethal Penguin | 2 Passmasterflex, Passmasterflexplus | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log. | |||||
| CVE-2003-0460 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service. | |||||
| CVE-2005-2053 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
| Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability. | |||||
| CVE-2005-0113 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| inpview in SGI IRIX allows local users to execute arbitrary commands via the SUN_TTSESSION_CMD environment variable, which is executed by inpview without dropping privileges. | |||||
| CVE-2005-1248 | 1 Apple | 1 Itunes | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. | |||||
| CVE-1999-0315 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Solaris fdformat command gives root access to local users. | |||||
| CVE-2000-0032 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
| Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database. | |||||
| CVE-2006-3809 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
| Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context. | |||||
| CVE-2002-1653 | 1 Farm9 | 1 Cryptcat | 2025-04-03 | 5.0 MEDIUM | N/A |
| Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information. | |||||
| CVE-2006-1383 | 1 Pablo Software Solutions | 1 Baby Ftp Server | 2025-04-03 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 allows remote authenticated users to determine existence of files outside the intended document root via unspecified manipulations, which generate different error messages depending on whether a file exists or not. | |||||
| CVE-2001-0751 | 1 Cisco | 1 Cbos | 2025-04-03 | 7.5 HIGH | N/A |
| Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections. | |||||
| CVE-2005-3466 | 1 Oracle | 1 Peoplesoft Enterprise Customer Relationship Management | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01. | |||||
| CVE-2005-2383 | 1 Phpnews | 1 Phpnews | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the user parameter in an HTTP POST request. | |||||
| CVE-2001-0910 | 1 Emc | 1 Networker | 2025-04-03 | 7.5 HIGH | N/A |
| Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup. | |||||
| CVE-2005-0038 | 1 Powerdns | 1 Powerdns | 2025-04-03 | 5.0 MEDIUM | N/A |
| The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. | |||||
| CVE-2002-1618 | 1 Hp | 2 Hp-ux, Jfs | 2025-04-03 | 7.2 HIGH | N/A |
| JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems. | |||||
| CVE-2005-1029 | 1 Active Web Softwares | 1 Active Auction House | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp. | |||||
