Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-4437 | 1 Venture Nine | 1 Tagger Le | 2025-04-03 | 7.5 HIGH | N/A | Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php. |
| CVE-2006-1028 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.8 HIGH | N/A | feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php. |
| CVE-2005-3507 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php. |
| CVE-2005-2210 | 1 Tonec Inc. | 1 Internet Download Manager | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL. |
| CVE-2006-3596 | 1 Cisco | 1 Ips Sensor Software | 2025-04-03 | 5.0 MEDIUM | N/A | The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet. |
| CVE-2004-1796 | 1 Hotnews | 1 Hotnews | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3. |
| CVE-2002-1496 | 1 Nulllogic | 1 Null Httpd | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header. |
| CVE-2006-3992 | 1 Intel | 2 2200bg Proset Wireless, 2915abg Proset Wireless | 2025-04-03 | 5.1 MEDIUM | N/A | Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption. |
| CVE-2004-1163 | 1 Cisco | 1 Cns Network Registrar | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets. |
| CVE-2005-1501 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A | MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message. |
| CVE-2003-1224 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A | Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen. |
| CVE-2006-0133 | 1 Ibm | 1 Aix | 2025-04-03 | 3.6 LOW | N/A | Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273. |
| CVE-2000-0608 | 1 Netwin | 2 Cwmail, Dmailweb | 2025-04-03 | 5.0 MEDIUM | N/A | NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost). |
| CVE-2005-4452 | 1 Information Call Center | 1 Information Call Center | 2025-04-03 | 5.0 MEDIUM | N/A | Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords. |
| CVE-2001-0387 | 1 Hylafax | 1 Hylafax | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument. |
| CVE-2006-3531 | 1 Pivot | 1 Pivot | 2025-04-03 | 7.5 HIGH | N/A | includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters. |
| CVE-2005-0473 | 3 Mandrakesoft, Redhat, Rob Flynn | 5 Mandrake Linux, Mandrake Linux Corporate Server, Enterprise Linux and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A | The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208. |
| CVE-2005-4722 | 1 The Media Shoppe Berhad | 1 Tmspublisher | 2025-04-03 | 5.0 MEDIUM | N/A | _Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message. |
| CVE-2005-1917 | 1 Kpopper | 1 Kpopper | 2025-04-03 | 2.1 LOW | N/A | kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file. |
| CVE-2006-0391 | 1 Apple | 1 Mac Os X | 2025-04-03 | 1.7 LOW | N/A | Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper. |
| CVE-2002-2115 | 1 Hns | 2 Hns, Hns-lite | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2003-1310 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 4.6 MEDIUM | N/A | The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack"). |
| CVE-2006-3222 | 1 Fortinet | 1 Fortios | 2025-04-03 | 5.0 MEDIUM | N/A | The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode. |
| CVE-2004-2054 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php. |
| CVE-2004-0173 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. |
| CVE-2006-1836 | 1 Symantec | 6 Liveupdate, Norton Antivirus, Norton Internet Security and 3 more | 2025-04-03 | 6.8 MEDIUM | N/A | Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. |
| CVE-2004-1591 | 1 Micronet | 1 Sp916bm | 2025-04-03 | 7.5 HIGH | N/A | The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access. |
| CVE-2006-3023 | 1 Uapplication | 1 Uphotogallery | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters. |
| CVE-2006-4556 | 2 Joomla, Mambo | 2 Jim Component, Jim Component | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242 |
| CVE-2006-2872 | 1 Rumble | 1 Rumble | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in config.php in Rumble 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the configArr[pathtodir] parameter. |
| CVE-2005-1353 | 1 Forum.pl | 1 Forum.pl | 2025-04-03 | 5.0 MEDIUM | N/A | The forum.pl script allows remote attackers to read arbitrary files via a full pathname in the argument. |
| CVE-2002-0188 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability. |
| CVE-2002-1003 | 1 Mywebserver | 1 Mywebserver | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. |
| CVE-2004-2481 | 1 Myproxy | 1 Myproxy | 2025-04-03 | 4.6 MEDIUM | N/A | MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command. |
| CVE-2005-1652 | 1 Woppoware | 1 Postmaster | 2025-04-03 | 7.5 HIGH | N/A | message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter. |
| CVE-2006-0604 | 1 Hinton Design | 1 Phphg Guestbook | 2025-04-03 | 7.5 HIGH | N/A | check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access. |
| CVE-2006-3695 | 1 Edgewall Software | 1 Trac | 2025-04-03 | 6.8 MEDIUM | N/A | Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458. |
| CVE-2001-0240 | 1 Microsoft | 1 Word | 2025-04-03 | 4.6 MEDIUM | N/A | Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro. |
| CVE-2001-0251 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A | The Web Publishing feature in Netscape Enterprise Server 3.x allows remote attackers to cause a denial of service via the REVLOG command. |
| CVE-2000-0427 | 1 Aladdin Knowledge Systems | 1 Etoken | 2025-04-03 | 4.6 MEDIUM | N/A | The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM. |