Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1315 | 1 Horde | 1 Turba | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
|
|||||
| CVE-2000-0233 | 1 Suse | 1 Suse Linux Imap Server | 2025-04-03 | 10.0 HIGH | N/A |
|
SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.
|
|||||
| CVE-2005-4792 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-4643 | 1 Uni-vert | 1 Phpleague | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the id_joueur parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2006-1535 | 1 Phoetux.net | 1 Phxcontacts | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net PhxContacts 0.93.1 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter.
|
|||||
| CVE-2002-1026 | 1 Macromedia | 1 Sitespring | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow.
|
|||||
| CVE-2004-2562 | 1 Leigh Business Enterprises | 1 Web Helpdesk | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2004-0261 | 1 Openjournal | 1 Openjournal | 2025-04-03 | 10.0 HIGH | N/A |
|
oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter.
|
|||||
| CVE-2005-2473 | 1 Churchinfo | 1 Churchinfo | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) ...
|
|||||
| CVE-2006-0312 | 1 Mike Helton | 1 Aoblogger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.
|
|||||
| CVE-2006-1321 | 1 Webcheck | 1 Webcheck | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report.
|
|||||
| CVE-2005-0600 | 1 Cisco | 10 Application And Content Networking Software, Content Delivery Manager, Content Distribution Manager 4630 and 7 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco devices running Application and Content Networking System (ACNS) 5.0, 5.1 before 5.1.13.7, or 5.2 before 5.2.3.9 allow remote attackers to cause a denial of service (bandwidth consumption) via "crafted IP packets" that are continuously forwarded.
|
|||||
| CVE-2005-4824 | 1 Glen Campbell | 1 Siteframe | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in web/classes.php in Siteframe before 3.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the LOCAL_PATH parameter, a different vulnerability than CVE-2005-1965.
|
|||||
| CVE-2004-1383 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php.
|
|||||
| CVE-2001-1568 | 1 Cmg | 1 Wap Gateway | 2025-04-03 | 6.4 MEDIUM | N/A |
|
CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.
|
|||||
| CVE-2002-0775 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 5.0 MEDIUM | N/A |
|
browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter.
|
|||||
| CVE-2001-0870 | 2 Alchemy Lab, Dek Software | 2 Alchemy Eye, Alchemy Network Monitor | 2025-04-03 | 5.0 MEDIUM | N/A |
|
HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.
|
|||||
| CVE-2005-4423 | 1 Phpfm | 1 Phpfm | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell."
|
|||||
| CVE-2005-2702 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
|
|||||
| CVE-2006-0395 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
|
|||||
| CVE-2004-1621 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 4.3 MEDIUM | N/A |
|
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do no ...
|
|||||
| CVE-2002-0505 | 1 Cisco | 1 Call Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.
|
|||||
| CVE-2006-0845 | 1 Leif M. Wright | 1 Web Blog | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname.
|
|||||
| CVE-2005-1325 | 1 Matthieu Aubry | 1 Phpmyvisites | 2025-04-03 | 5.0 MEDIUM | N/A |
|
set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter.
|
|||||
| CVE-2006-4945 | 1 Cardway | 1 Digitalwebshop | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php.
|
|||||
| CVE-2002-0107 | 1 Cacheflow | 1 Cacheos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.
|
|||||
| CVE-2006-4644 | 1 Phpfullannu | 1 Phpfullannu | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter.
|
|||||
| CVE-2005-3442 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle Database Server 8i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB09 in Export, (2) DB11 in Materialized Views, and (3) DB16 in Security Service.
|
|||||
| CVE-2006-3732 | 1 Cisco | 1 Cs-mars | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information.
|
|||||
| CVE-2001-1253 | 1 Com2001 | 1 Alexis Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users.
|
|||||
| CVE-2001-0606 | 2 Hp, Sun | 2 Virtualvault, Iplanet Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.
|
|||||
| CVE-2005-0905 | 1 Maxthon | 1 Maxthon | 2025-04-03 | 2.6 LOW | N/A |
|
Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.
|
|||||
| CVE-2006-4229 | 2 Joomla, Mambo | 2 Moslistmessenger Component, Moslistmessenger Component | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
|
|||||
| CVE-2004-1947 | 1 Softwin | 1 Bitdefender | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.
|
|||||
| CVE-2006-1087 | 1 Php-stats | 1 Php-stats | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE: this vulnerability can be exploited by remote unauthenticated attackers in conjunction with the option[admin_pass] authentication bypass vulnerability.
|
|||||
| CVE-2001-1031 | 1 Charles Clark | 1 Meteor Ftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the cd/CWD command.
|
|||||
| CVE-2003-1287 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.
|
|||||
| CVE-2002-0857 | 1 Oracle | 2 Database Server, Oracle8i | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.
|
|||||
| CVE-2005-4451 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.
|
|||||
| CVE-2004-0354 | 1 Gnu | 1 Anubis | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
|
|||||