Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1169 | 1 Ibm | 1 Websphere Caching Proxy Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
|
|||||
| CVE-2000-0065 | 1 Avtronics | 1 Inetserv | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.
|
|||||
| CVE-2005-3217 | 1 Symantec | 1 Antivirus Scan Engine | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
|
|||||
| CVE-2005-0929 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php.
|
|||||
| CVE-2001-0693 | 1 Webtrends | 2 Webtrends Enterprise Reporting Server, Webtrends Enterprise Reporting Server Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20).
|
|||||
| CVE-2001-1521 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.
|
|||||
| CVE-2002-2065 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.
|
|||||
| CVE-2003-0653 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required "PKTHDR" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets.
|
|||||
| CVE-2006-1996 | 1 Scry Gallery | 1 Scry Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message.
|
|||||
| CVE-2005-2230 | 1 Elmo | 1 Elmo | 2025-04-03 | 2.1 LOW | N/A |
|
Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files.
|
|||||
| CVE-2004-0624 | 1 Artmedic Webdesign | 1 Artmedic Links | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php for Artmedic links 5.0 (artmedic_links5) allows remote attackers to execute arbitrary PHP code by modifying the id parameter to reference a URL on a remote web server that contains the code.
|
|||||
| CVE-2006-2043 | 1 Ip3 Networks | 1 Ip3 Netaccess 75 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).
|
|||||
| CVE-2003-0228 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
|
|||||
| CVE-2004-0765 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A |
|
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.
|
|||||
| CVE-2006-2979 | 1 Viart | 1 Shop | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php.
|
|||||
| CVE-2004-0305 | 1 Webcortex | 1 Webstores 2000 | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in error.asp in WebCortex WebStores 2000 6.0 allows remote attackers to execute arbitrary script as other users and steal session IDs via the Message_id parameter.
|
|||||
| CVE-1999-0194 | 2025-04-03 | 5.0 MEDIUM | N/A | ||
|
Denial of service in in.comsat allows attackers to generate messages.
|
|||||
| CVE-2005-2479 | 1 Pablo Software Solutions | 1 Quick N Easy Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial of service (application crash or CPU consumption) via a long USER command.
|
|||||
| CVE-2005-3668 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple buffer overflows in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable.
|
|||||
| CVE-2004-0603 | 1 Gnu | 1 Gzip | 2025-04-03 | 10.0 HIGH | N/A |
|
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
|
|||||
| CVE-2004-1869 | 1 Nival Interactive | 2 Etherlords, Etherlords Ii | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allows remote attackers to cause a denial of service (crash) by sending a packet that specifies the size for the next packet, then sending a larger packet than specified, which causes Etherlords to read unallocated memory.
|
|||||
| CVE-1999-1079 | 1 Ibm | 1 Aix | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program.
|
|||||
| CVE-2002-1567 | 1 Apache | 1 Tomcat | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
|
|||||
| CVE-2002-1611 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
|
|||||
| CVE-2004-0062 | 1 Fishnet | 1 Fishcart | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.
|
|||||
| CVE-2006-4849 | 1 Mobilepublisherphp | 1 Mobilepublisherphp | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
|
|||||
| CVE-1999-0515 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv.
|
|||||
| CVE-2005-4208 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.
|
|||||
| CVE-2005-2687 | 1 Savewebportal | 1 Savewebportal | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.
|
|||||
| CVE-2005-0271 | 1 Photopost | 1 Reviewpost Php Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php.
|
|||||
| CVE-2003-0852 | 2 Sylpheed, Sylpheed-claws | 2 Sylpheed, Sylpheed-claws | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message.
|
|||||
| CVE-2006-4085 | 1 Olaf Noehring | 1 The Search Engine Project | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-1999-0760 | 1 Allaire | 1 Coldfusion Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.
|
|||||
| CVE-2006-2671 | 1 Calendarscripts.com | 1 Chatpat | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field.
|
|||||
| CVE-2006-0979 | 1 Nidelven It | 1 Issue Dealer | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in the local weblog publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors.
|
|||||
| CVE-2006-2880 | 1 Pyblosxom | 1 Pyblosxom | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields.
|
|||||
| CVE-2005-2169 | 1 Kaf Oseo | 1 Quick And Dirty Phpsource Printer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via ".../...//" sequences in the file parameter, which are reduced to "../" when PHPSource Printer uses a regular expression to remove "../" sequences.
|
|||||
| CVE-2005-4059 | 1 Locazo | 1 Locazolist | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to execute arbitrary SQL commands via the q parameter.
|
|||||
| CVE-2000-0303 | 1 Id Software | 1 Quake 3 Arena | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.
|
|||||
| CVE-2006-3189 | 1 Hotplug Cms | 1 Hotplug Cms | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
|
|||||