Total
29810 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3826 | 1 Ezy Helpdesk | 1 Ezyhelpdesk | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter. | ||||
| CVE-2005-3827 | 1 Agileco | 1 Agilebill | 2025-04-03 | N/A |
| SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2003-1292 | 1 Ashwebstudio | 1 Ashnews | 2025-04-03 | N/A |
| PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php. | ||||
| CVE-2003-1321 | 1 Avant Force | 1 Avant Browser | 2025-04-03 | N/A |
| Buffer overflow in Avant Browser 8.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request. | ||||
| CVE-2003-1476 | 1 Cerberus | 1 Ftp Server | 2025-04-03 | N/A |
| Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access. | ||||
| CVE-2005-3872 | 1 Ugroup | 1 Ugroup | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php. | ||||
| CVE-2003-0101 | 3 Engardelinux, Usermin, Webmin | 3 Guardian Digital Webtool, Usermin, Webmin | 2025-04-03 | N/A |
| miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges. | ||||
| CVE-2005-3892 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | N/A |
| Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone. | ||||
| CVE-2003-0130 | 2 Redhat, Ximian | 2 Linux, Evolution | 2025-04-03 | N/A |
| The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image. | ||||
| CVE-2003-0181 | 1 Ibm | 1 Lotus Domino Web Server | 2025-04-03 | N/A |
| Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name. | ||||
| CVE-2004-0326 | 1 Proxy-pro | 1 Professional Gatekeeper | 2025-04-03 | N/A |
| Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request. | ||||
| CVE-2004-1333 | 2 Linux, Redhat | 3 Linux Kernel, Fedora Core, Linux | 2025-04-03 | N/A |
| Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow. | ||||
| CVE-2004-1334 | 2 Linux, Redhat | 3 Linux Kernel, Fedora Core, Linux | 2025-04-03 | N/A |
| Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow. | ||||
| CVE-2005-3974 | 1 Drupal | 1 Drupal | 2025-04-03 | N/A |
| Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission. | ||||
| CVE-2005-3900 | 1 Macromedia | 1 Breeze | 2025-04-03 | N/A |
| Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | ||||
| CVE-2005-2917 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart). | ||||
| CVE-2004-1387 | 1 Apache | 1 Http Server | 2025-04-03 | N/A |
| The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2004-2339 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 8.4 High |
| Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed | ||||
| CVE-2006-2921 | 1 Cmpro Team | 1 Clan Manager Pro | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters. | ||||
| CVE-2006-2924 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2025-04-03 | N/A |
| Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake. | ||||