Total
29554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1087 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
| CVE-2005-1315 | 1 Horde | 1 Turba | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | |||||
| CVE-2001-1052 | 1 Emergenices Personnel Information System | 1 Empris | 2025-04-03 | 7.5 HIGH | N/A |
| Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2002-0230 | 1 Faq-o-matic | 1 Faq-o-matic | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message. | |||||
| CVE-2006-0839 | 1 Sourcefire | 1 Snort | 2025-04-03 | 5.0 MEDIUM | N/A |
| The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. | |||||
| CVE-2005-1645 | 1 Keyvan1 | 1 Imagegallery | 2025-04-03 | 5.0 MEDIUM | N/A |
| Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2001-0596 | 1 Netscape | 1 Communicator | 2025-04-03 | 7.5 HIGH | N/A |
| Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript. | |||||
| CVE-2005-4375 | 1 Box Uk | 1 Amaxus | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant from CVE-2005-4376. | |||||
| CVE-2004-1408 | 1 Singapore | 1 Image Gallery Web Application | 2025-04-03 | 7.5 HIGH | N/A |
| The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files. | |||||
| CVE-2002-0438 | 1 Zyxel | 1 Zywall10 | 2025-04-03 | 5.0 MEDIUM | N/A |
| ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface. | |||||
| CVE-1999-0571 | 2025-04-03 | 10.0 HIGH | N/A | ||
| A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts. | |||||
| CVE-2006-0209 | 1 Tanklogger | 1 Tanklogger | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php. | |||||
| CVE-2001-0912 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 7.2 HIGH | N/A |
| Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges. | |||||
| CVE-2002-1849 | 1 Parachat | 1 Parachat Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with invalid users. | |||||
| CVE-2001-0320 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 10.0 HIGH | N/A |
| bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument. | |||||
| CVE-2003-0120 | 1 Mhc-utils | 1 Mhc-utils | 2025-04-03 | 1.2 LOW | N/A |
| adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name. | |||||
| CVE-1999-1481 | 1 National Science Foundation | 1 Squid Web Proxy | 2025-04-03 | 5.0 MEDIUM | N/A |
| Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair. | |||||
| CVE-2004-0177 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
| The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device. | |||||
| CVE-2005-3910 | 1 Post Affiliate Pro | 1 Post Affiliate Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
| merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability. | |||||
| CVE-2006-0822 | 1 Emulinker Kaillera Server | 1 Emulinker Kaillera Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 allows remote attackers to cause a denial of service (probably resource consumption) via a crafted packet that causes a "ghost game" to be left on the server. | |||||