Total
29554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3064 | 1 Multitheftauto | 1 Multitheftauto | 2025-04-03 | 5.0 MEDIUM | N/A |
| MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt). | |||||
| CVE-2005-4640 | 1 Class-1 | 1 Poll Software | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters. | |||||
| CVE-2006-3009 | 1 Aliacom | 1 Open Business Management | 2025-04-03 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the (1) tf_lang, (2) tf_name, (3) tf_user, (4) tf_lastname, (5) tf_contact, (6) tf_datebefore, and (7) tf_dateafter parameters to files such as (a) publication/publication_index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php. | |||||
| CVE-2005-2655 | 1 Maildrop | 1 Maildrop | 2025-04-03 | 10.0 HIGH | N/A |
| lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. | |||||
| CVE-2001-0915 | 1 Berkeley | 1 Pmake | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition. | |||||
| CVE-2005-0758 | 2 Canonical, Gnu | 2 Ubuntu Linux, Gzip | 2025-04-03 | 4.6 MEDIUM | N/A |
| zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | |||||
| CVE-2006-1329 | 1 Jabberstudio | 1 Jabberd | 2025-04-03 | 5.0 MEDIUM | N/A |
| The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza". | |||||
| CVE-2003-0610 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request. | |||||
| CVE-2004-0402 | 2 Mandrakesoft, Xpcd | 2 Mandrake Linux, Xpcd | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code. | |||||
| CVE-2004-2048 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2025-04-03 | 10.0 HIGH | N/A |
| radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access. | |||||
| CVE-2006-0057 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. | |||||
| CVE-2002-2308 | 1 Netscape | 1 Communicator | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself. | |||||
| CVE-2006-0310 | 1 Mike Helton | 1 Aoblogger | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag. | |||||
| CVE-2005-4457 | 1 Mailenable | 1 Mailenable Enterprise | 2025-04-03 | 7.5 HIGH | N/A |
| MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command. | |||||
| CVE-2006-1701 | 1 Shadowed Portal | 1 Shadowed Portal | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php. | |||||
| CVE-2005-0114 | 2 Checkpoint, Zonelabs | 3 Check Point Integrity Client, Zonealarm, Zonealarm Wireless Security | 2025-04-03 | 2.1 LOW | N/A |
| vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer. | |||||
| CVE-2005-2737 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. | |||||
| CVE-2006-0614 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-03 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." | |||||
| CVE-2005-4716 | 1 Hitachi | 2 Tpi Net Library, Tpi Server Base | 2025-04-03 | 5.0 MEDIUM | N/A |
| Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid data to a port used by a system-server process, and (2) cause a denial of service (process failure) via invalid data to a port used by any of certain other processes. | |||||
| CVE-2005-1310 | 1 Eaden Mckee | 1 Bblog | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | |||||