Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-1668 | 1 Easyweb | 1 Factory Subjects Module | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters. |
| CVE-2001-0459 | 2 Afterstep.org, Rob Malda | 2 Afterstep, Ascdc | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflows in ascdc Afterstep while running setuid allows local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option. |
| CVE-2000-0235 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges. |
| CVE-2003-1220 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A | BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. |
| CVE-2004-1158 | 3 Kde, Mandrakesoft, Redhat | 3 Konqueror, Mandrake Linux, Fedora Core | 2025-04-03 | 7.5 HIGH | N/A | Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. |
| CVE-2005-4778 | 1 Suse | 2 Suse Linux, Suse Sled Beagle | 2025-04-03 | 2.1 LOW | N/A | The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified "configuration problem," which allows local users to suspend the computer and possibly perform certain other unauthorized actions. |
| CVE-2005-0333 | 1 Lanchat Pro Revival | 1 Lanchat Pro Revival | 2025-04-03 | 5.0 MEDIUM | N/A | LANChat Pro Revival 1.666c allows remote attackers to cause a denial of service (application crash) via a malformed UDP packet. |
| CVE-2002-0475 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.1 MEDIUM | N/A | Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. |
| CVE-2005-2062 | 1 Active Web Softwares | 1 Activebuyandsell | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp. |
| CVE-1999-0394 | | | 2025-04-03 | 10.0 HIGH | N/A | DPEC Online Courseware allows an attacker to change another user's password without knowing the original password. |
| CVE-2006-2969 | 1 L0j1k | 1 Tinymuw | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations. |
| CVE-2000-0159 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.5 HIGH | N/A | HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. |
| CVE-2006-4970 | 1 Wahm E-commerce | 1 Pie Cart Pro | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in enc/content.php in WAHM E-Commerce Pie Cart Pro allows remote attackers to execute arbitrary PHP code via a URL in the Home_Path parameter. |
| CVE-2000-0898 | 1 Max Feoktistov | 1 Small Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file. |
| CVE-2006-2419 | 1 Php | 1 Directory Listing Script | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter. |
| CVE-2002-1708 | 1 Basilix | 1 Basilix Webmail | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields. |
| CVE-2001-0853 | 1 Entrust | 1 Getaccess | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat. |
| CVE-2006-1110 | 1 Aztek Forum | 1 Aztek Forum | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows remote attackers to inject arbitrary web script or HTML via the message body in a new message. |
| CVE-2005-2523 | 1 Apple | 2 Mac Os X, Weblog Server | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2002-0287 | 1 Powie | 1 Pforum | 2025-04-03 | 10.0 HIGH | N/A | pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default. |
| CVE-2005-2593 | 1 Parlano | 1 Mindalign | 2025-04-03 | 10.0 HIGH | N/A | Parlano MindAlign 5.0 and later versions uses weak encryption, with unknown impact and attack vectors. |
| CVE-2001-0206 | 1 Soft Lite | 1 Serverworx | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP GET request. |
| CVE-2002-1469 | 1 Scponly | 1 Scponly | 2025-04-03 | 7.5 HIGH | N/A | scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs. |
| CVE-2002-0851 | 1 Isdn4linux | 1 Isdn4linux | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog. |
| CVE-2005-4403 | 1 Qcm | 1 Marwel | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Marwel 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the show parameter. |
| CVE-2006-4023 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A | The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would ... |
| CVE-2002-0092 | 1 Cvs | 1 Cvs | 2025-04-03 | 5.0 MEDIUM | N/A | CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability. |
| CVE-2006-0051 | 1 Kaffeine | 1 Kaffeine Player | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function. |
| CVE-1999-0180 | | | 2025-04-03 | 7.5 HIGH | N/A | in.rshd allows users to login with a NULL username and execute commands. |
| CVE-2005-0555 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability." |
| CVE-2005-2742 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A | SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting. |
| CVE-2001-1569 | 1 Cmg | 1 Openwave Wap Gateway | 2025-04-03 | 6.4 MEDIUM | N/A | Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. |
| CVE-2003-0325 | 1 Ambrosia Software | 1 Maelstrom | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument. |
| CVE-2002-1232 | 3 Debian, Hp, Redhat | 3 Debian Linux, Secure Os, Linux | 2025-04-03 | 5.0 MEDIUM | N/A | Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist. |
| CVE-2005-1048 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750. |
| CVE-1999-0089 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in AIX libDtSvc library can allow local users to gain root access. |
| CVE-2005-0682 | 1 Drupal | 1 Drupal | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs. |
| CVE-1999-0148 | 1 Sgi | 1 Irix | 2025-04-03 | 7.5 HIGH | N/A | The handler CGI program in IRIX allows arbitrary command execution. |
| CVE-2006-1157 | 1 Adp | 1 Adp Forum | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php. |
| CVE-2006-2868 | 1 Claroline | 1 Claroline | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php. |