Total
29737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3418 | 1 Tor | 1 Tor | 2025-04-03 | N/A |
| Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications. | ||||
| CVE-2006-3515 | 1 Myiosoft.com | 1 Ajaxportal | 2025-04-03 | N/A |
| SQL injection vulnerability in the loginADP function in ajaxp.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. | ||||
| CVE-2004-1269 | 2 Easy Software Products, Redhat | 3 Cups, Enterprise Linux, Fedora Core | 2025-04-03 | N/A |
| lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail. | ||||
| CVE-2004-1291 | 1 Amir Malik | 1 Qwik Smtpd | 2025-04-03 | N/A |
| Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer. | ||||
| CVE-2006-0689 | 1 Scheduling Management.com | 1 Time Tracking Software | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | ||||
| CVE-2004-1293 | 1 Rtf2latex2e | 1 Rtf2latex2e | 2025-04-03 | N/A |
| Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2e 1.0fc2 allows remote attackers to execute arbitrary code via a crafted RTF file. | ||||
| CVE-2004-1297 | 1 Zack Smith | 1 Unrtf | 2025-04-03 | N/A |
| Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file. | ||||
| CVE-2004-1300 | 1 Xine | 1 Xine-lib | 2025-04-03 | N/A |
| Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file. | ||||
| CVE-2004-1314 | 1 Apple | 1 Safari | 2025-04-03 | N/A |
| Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122. | ||||
| CVE-2004-1319 | 2 Microsoft, Nortel | 9 Windows 2000, Windows 2003 Server, Windows 98 and 6 more | 2025-04-03 | N/A |
| The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | ||||
| CVE-2005-1492 | 1 Gossamer Threads | 2 Gossamer Threads Links, Gossamer Threads Links-sql | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2004-1340 | 1 Debian | 1 Debian Linux | 2025-04-03 | N/A |
| Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information. | ||||
| CVE-2005-0761 | 3 Imagemagick, Redhat, Sgi | 3 Imagemagick, Enterprise Linux, Propack | 2025-04-03 | N/A |
| Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file. | ||||
| CVE-2005-1495 | 1 Oracle | 3 Application Server, Oracle10g, Oracle9i | 2025-04-03 | N/A |
| Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. | ||||
| CVE-2005-0765 | 2 Ethereal Group, Redhat | 2 Ethereal, Enterprise Linux | 2025-04-03 | N/A |
| Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash). | ||||
| CVE-2006-3444 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer." | ||||
| CVE-2006-0698 | 1 Zen Cart | 1 Zen Cart | 2025-04-03 | N/A |
| Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection. | ||||
| CVE-2006-1532 | 1 Deltascripts | 1 Php Classifieds | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHP Classifieds 6.18, 6.20, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. | ||||
| CVE-2005-0775 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | N/A |
| The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator. | ||||
| CVE-2005-0785 | 1 Yabb | 1 Yabb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||