Total
29549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2007 | 1 Winny | 1 Winny | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port. | |||||
| CVE-2005-2338 | 1 Xoops | 1 Xoops | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module. | |||||
| CVE-2006-3077 | 1 Axent | 1 Axentguestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter. | |||||
| CVE-1999-0960 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option. | |||||
| CVE-2006-2824 | 1 Logicalware | 1 Mailmanager | 2025-04-03 | 7.5 HIGH | N/A |
| Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #1494281 - Postgres encoding security hole." NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314. | |||||
| CVE-2005-0730 | 1 Py Software | 1 Active Webcam | 2025-04-03 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service via a request to a file on the floppy drive, as demonstrated using A:\a.txt. | |||||
| CVE-2005-1983 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm. | |||||
| CVE-2005-2583 | 1 Mentor | 1 Adslfr4ii | 2025-04-03 | 7.5 HIGH | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access. | |||||
| CVE-2002-1377 | 1 Vim Development Group | 1 Vim | 2025-04-03 | 4.6 MEDIUM | N/A |
| vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. | |||||
| CVE-2003-0495 | 1 Ledscripts.com | 1 Lednews | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item. | |||||
| CVE-2004-0372 | 1 Xine | 1 Xine | 2025-04-03 | 2.1 LOW | N/A |
| xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts. | |||||
| CVE-2005-1241 | 1 Powertech | 1 Powerlock Networksecurity | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-0925 | 1 Uapplication | 1 Ublog Reload | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2003-0786 | 1 Openbsd | 1 Openssh | 2025-04-03 | 10.0 HIGH | N/A |
| The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges. | |||||
| CVE-2005-3303 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 7.5 HIGH | N/A |
| The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file. | |||||
| CVE-1999-1156 | 1 Bisonware | 1 Bisonware Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns. | |||||
| CVE-2003-0092 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable. | |||||
| CVE-1999-1270 | 1 Kde | 1 Kde | 2025-04-03 | 4.6 MEDIUM | N/A |
| KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps. | |||||
| CVE-2001-1324 | 1 Paul Jarc | 1 Idtools | 2025-04-03 | 4.6 MEDIUM | N/A |
| cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges. | |||||
| CVE-2005-2096 | 1 Zlib | 1 Zlib | 2025-04-03 | 7.5 HIGH | N/A |
| zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | |||||