Total
29549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1398 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input." | |||||
| CVE-2006-2221 | 2 Bitrock, Process-one | 2 Install Builder, Ejabberd | 2025-04-03 | 2.1 LOW | N/A |
| A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer. | |||||
| CVE-2001-1090 | 1 Alessandro Gardich | 1 Nss Postgresql | 2025-04-03 | 7.5 HIGH | N/A |
| nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request. | |||||
| CVE-2006-0405 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 5.0 MEDIUM | N/A |
| The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function. | |||||
| CVE-2004-1068 | 3 Linux, Redhat, Ubuntu | 5 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2025-04-03 | 6.2 MEDIUM | N/A |
| A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition. | |||||
| CVE-2004-2538 | 1 Nilesh Dosooye | 1 Phpcodegenie | 2025-04-03 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer. | |||||
| CVE-2000-0902 | 1 Nathan Purciful | 1 Phpphotoalbum | 2025-04-03 | 5.0 MEDIUM | N/A |
| getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2003-1330 | 2 Clearswift Limited, Microsoft | 2 Mailsweeper, All Windows | 2025-04-03 | 5.0 MEDIUM | N/A |
| Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove. | |||||
| CVE-2005-3186 | 2 Gnome, Gtk | 2 Gdkpixbuf, Gtk\+ | 2025-04-03 | 7.5 HIGH | N/A |
| Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow. | |||||
| CVE-2004-0245 | 1 Web Crossing Inc | 1 Web Crossing | 2025-04-03 | 5.0 MEDIUM | N/A |
| Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending a HTTP POST request with a large or negative Content-Length, which causes an integer divide-by-zero. | |||||
| CVE-2006-1116 | 1 Ncipher | 1 Ncore | 2025-04-03 | 5.0 MEDIUM | N/A |
| The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected. | |||||
| CVE-2006-3159 | 1 Sun | 2 Iplanet Messaging Server, One Messaging Server | 2025-04-03 | 2.1 LOW | N/A |
| pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message. | |||||
| CVE-2006-0768 | 1 Kadu | 1 Kadu | 2025-04-03 | 5.0 MEDIUM | N/A |
| Kadu 0.4.3 allows remote attackers to cause a denial of service (application crash) via a large number of image send requests. | |||||
| CVE-2005-0249 | 1 Symantec | 11 Antivirus Scan Engine, Brightmail Antispam, Client Security and 8 more | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. | |||||
| CVE-2005-0039 | 1 Nissc | 1 Ipsec | 2025-04-03 | 6.4 MEDIUM | N/A |
| Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address. | |||||
| CVE-2005-3468 | 1 F-secure | 2 F-secure Anti-virus, Internet Gatekeeper | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files. | |||||
| CVE-2005-0379 | 1 Zeroboard | 1 Zeroboard | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php. | |||||
| CVE-2002-2203 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.9 MEDIUM | N/A |
| Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information. | |||||
| CVE-2002-0892 | 1 New Atlanta Communications | 1 Servletexec Isapi | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message. | |||||
| CVE-2005-0930 | 1 Chatness | 1 Chatness | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in message.php in Chatness 2.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the user field or (2) the message parameter to message.php. | |||||