Total
345232 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0252 | 1 Apple | 1 Quicktime | 2026-04-16 | N/A |
| Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header. | ||||
| CVE-2005-2727 | 1 Ari Pikivirta | 1 Home Ftp Server | 2026-04-16 | N/A |
| Home Ftp Server 1.0.7 stores sensitive user information and server information in the same directory as the user's home directory, which allows remote authenticated users to obtain sensitive information by obtaining ftpmembers.lst and ftpsettings.lst. | ||||
| CVE-2005-2729 | 1 Astaro | 1 Security Linux | 2026-04-16 | N/A |
| The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services. | ||||
| CVE-2006-4110 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. | ||||
| CVE-2003-0107 | 2 Redhat, Zlib | 3 Enterprise Linux, Linux, Zlib | 2026-04-16 | N/A |
| Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. | ||||
| CVE-2006-0592 | 1 Lexmark | 1 Printer Sharing | 2026-04-16 | N/A |
| Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server Service (LexPPS), possibly 8.29 and 9.41, allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based on a vague initial disclosure; details will be updated after the grace period has ended. | ||||
| CVE-2002-2347 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field. | ||||
| CVE-2002-2351 | 1 Qualcomm | 1 Eudora | 2026-04-16 | N/A |
| Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). | ||||
| CVE-2002-2356 | 1 Hamweather | 1 Hamweather | 2026-04-16 | N/A |
| HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi. | ||||
| CVE-2003-0109 | 1 Microsoft | 2 Windows 2000, Windows 2000 Terminal Services | 2026-04-16 | N/A |
| Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0. | ||||
| CVE-2006-0599 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-16 | N/A |
| The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. | ||||
| CVE-2005-1158 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-16 | N/A |
| Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar. | ||||
| CVE-2005-2757 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs." | ||||
| CVE-2003-0119 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities. | ||||
| CVE-2005-2759 | 1 Symantec | 1 Norton Antivirus | 2026-04-16 | N/A |
| ** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in DiskMountNotify. Use CVE-2005-3270 for the DiskMountNotify issue, and CVE-2005-2759 for the LiveUpdate issue. | ||||
| CVE-2005-3064 | 1 Multitheftauto | 1 Multitheftauto | 2026-04-16 | N/A |
| MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt). | ||||
| CVE-2005-2766 | 1 Symantec | 1 Norton Antivirus | 2026-04-16 | N/A |
| Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server. | ||||
| CVE-2005-3877 | 1 Cafuego | 1 Simple Document Management System | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php. | ||||
| CVE-2006-0600 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-16 | N/A |
| elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request. | ||||
| CVE-2003-0120 | 1 Mhc-utils | 1 Mhc-utils | 2026-04-16 | N/A |
| adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name. | ||||