Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0908 | 1 Netcplus | 1 Browsegate | 2025-04-03 | N/A |
| BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request. | ||||
| CVE-2001-0398 | 1 Ritlabs | 1 The Bat | 2025-04-03 | N/A |
| The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon. | ||||
| CVE-2002-1321 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | N/A |
| Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename. | ||||
| CVE-2004-2475 | 1 Google | 1 Toolbar | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability. | ||||
| CVE-2001-0404 | 1 Sun | 1 Javaserver Web Dev Kit | 2025-04-03 | N/A |
| Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory. | ||||
| CVE-2004-2476 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source. | ||||
| CVE-2002-0362 | 1 Aol | 1 Instant Messenger | 2025-04-03 | N/A |
| Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711. | ||||
| CVE-2001-0423 | 1 Sun | 1 Solaris | 2025-04-03 | N/A |
| Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093. | ||||
| CVE-1999-1537 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | N/A |
| IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL. | ||||
| CVE-2000-1000 | 1 Aol | 1 Instant Messenger | 2025-04-03 | N/A |
| Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters. | ||||
| CVE-2000-1008 | 1 Palm | 1 Palm Os | 2025-04-03 | N/A |
| PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device. | ||||
| CVE-2000-1017 | 1 Webteacher | 1 Webdata | 2025-04-03 | N/A |
| Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database. | ||||
| CVE-2000-1018 | 1 Mendel Cooper | 1 Shred | 2025-04-03 | N/A |
| shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file. | ||||
| CVE-2002-0381 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-03 | N/A |
| The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address. | ||||
| CVE-2005-3194 | 1 Estsoft | 1 Alzip | 2025-04-03 | N/A |
| Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive. | ||||
| CVE-2006-3821 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php. | ||||
| CVE-2004-2505 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | N/A |
| Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. | ||||
| CVE-1999-1556 | 1 Microsoft | 1 Sql Server | 2025-04-03 | N/A |
| Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value. | ||||
| CVE-2001-0441 | 3 Debian, Mandrakesoft, Redhat | 4 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2025-04-03 | N/A |
| Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. | ||||
| CVE-2002-1334 | 1 Bizdesign | 1 Imagefolio | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi. | ||||