Total: 29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0807 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | |||||
| CVE-2005-3547 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields. | |||||
| CVE-2006-4663 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | 7.8 HIGH |
| The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local users to insert Trojan horse source code that would be used during the next kernel compilation. NOTE: another researcher disputes the vulnerability, stating that he finds "Not a single world-writable file or directory." CVE analysis as of 20060908 indicates that permissions will only be weak under certain unusual or insecure scenarios. | |||||
| CVE-2000-0493 | 1 Atrius Trivalie Sn | 1 Time Sync | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string. | |||||
| CVE-2005-3401 | 1 Thehacker | 1 Thehacker | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple interpretation error in TheHacker 5.8.4.128 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2002-2111 | 1 Gianni Tedesco | 1 Fwmon | 2025-04-03 | 5.0 MEDIUM | N/A |
| Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet. | |||||
| CVE-2004-2624 | 1 Wackowiki | 1 Wackowiki | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter. | |||||
| CVE-2000-0541 | 1 Panda | 1 Panda Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
| The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command. | |||||
| CVE-2003-0207 | 1 Gs-common | 1 Gs-common | 2025-04-03 | 2.1 LOW | N/A |
| ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files. | |||||
| CVE-1999-0780 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
| KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. | |||||
| CVE-2004-2314 | 1 Novell | 1 Ichain | 2025-04-03 | 7.5 HIGH | N/A |
| The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. | |||||
| CVE-2002-2023 | 1 Yamaguchi | 1 Shingo Beep2 | 2025-04-03 | 2.1 LOW | N/A |
| The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors. | |||||
| CVE-2006-3185 | 1 Cms Faethon | 1 Cms Faethon | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter. | |||||
| CVE-2000-0461 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2025-04-03 | 2.1 LOW | N/A |
| The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. | |||||
| CVE-2004-0325 | 1 Typsoft | 1 Typsoft Ftp Server | 2025-04-03 | 2.1 LOW | N/A |
| TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using "//../qwerty". | |||||
| CVE-2006-2412 | 1 Raydium | 1 Raydium | 2025-04-03 | 5.0 MEDIUM | N/A |
| The raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a large ID, which causes an invalid memory access (buffer over-read). | |||||
| CVE-2000-1088 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
| CVE-2005-2343 | 1 Rim | 3 Blackberry, Blackberry Desktop Manager, Blackberry Device Software | 2025-04-03 | 2.6 LOW | N/A |
| Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed. | |||||
| CVE-2006-1718 | 1 Clever Copy | 1 Clever Copy | 2025-04-03 | 5.0 MEDIUM | N/A |
| Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc. | |||||
| CVE-2005-0769 | 1 Openslp | 1 Openslp | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets. | |||||
