Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0495 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable).
|
|||||
| CVE-2002-1918 | 1 Microsoft | 1 Data Access Components | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
|
|||||
| CVE-2006-0910 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ ...
|
|||||
| CVE-2005-1305 | 1 Hyper.cgi | 1 Hyper.cgi | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
|
|||||
| CVE-2005-1994 | 1 Finjan Software | 1 Surfingate | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download blocked files via hex-encoded characters in a filename, as demonstrated using "%2e".
|
|||||
| CVE-2004-2038 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php.
|
|||||
| CVE-2006-2808 | 1 Lycos | 1 Htmlgear Guestgear | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations.
|
|||||
| CVE-2006-1774 | 1 Hp | 2 Compaqhttpserver, System Management Homepage | 2025-04-03 | 7.5 HIGH | N/A |
|
HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypass authentication via a crafted URL.
|
|||||
| CVE-1999-0103 | | | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
|
|||||
| CVE-2000-1005 | 1 Extropia | 1 Extropia Webstore | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.
|
|||||
| CVE-2005-2215 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.
|
|||||
| CVE-2002-1349 | 1 Trend Micro | 2 Officescan, Pc-cillin | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).
|
|||||
| CVE-2005-0435 | 1 Awstats | 1 Awstats | 2025-04-03 | 5.0 MEDIUM | N/A |
|
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
|
|||||
| CVE-2005-0113 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
inpview in SGI IRIX allows local users to execute arbitrary commands via the SUN_TTSESSION_CMD environment variable, which is executed by inpview without dropping privileges.
|
|||||
| CVE-2004-2523 | 1 Openftpd | 1 Openftpd Ftp Server | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.
|
|||||
| CVE-2005-4480 | 1 Plexcor | 1 Plexcor Cms | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
|
|||||
| CVE-2002-0943 | 1 Metalinks | 1 Metacart2.sql | 2025-04-03 | 6.4 MEDIUM | N/A |
|
MetaCart2.sql stores the user database under the web document root without access controls, which allows remote attackers to obtain sensitive information such as passwords and credit card numbers via a direct request for metacart.mdb.
|
|||||
| CVE-2006-1798 | 1 Rateit | 1 Rateit | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote attackers to execute arbitrary SQL commands via the rateit_id parameter.
|
|||||
| CVE-2005-2026 | 1 Enterasys | 1 Vertical Horizon-2402s | 2025-04-03 | 7.5 HIGH | N/A |
|
Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges.
|
|||||
| CVE-2001-0974 | 1 Oracle | 1 Internet Directory | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
|
|||||
| CVE-2002-0120 | 1 Palm | 1 Palm Desktop | 2025-04-03 | 2.1 LOW | N/A |
|
Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information.
|
|||||
| CVE-2002-2015 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter.
|
|||||
| CVE-2000-0642 | 1 Itafrica | 1 Webactive | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page.
|
|||||
| CVE-2005-1190 | 1 Webcamxp | 1 Webcamxp Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered.
|
|||||
| CVE-2005-2662 | 1 Masqmail | 1 Masqmail | 2025-04-03 | 7.5 HIGH | N/A |
|
masqmail before 0.2.18 allows remote attackers to execute arbitrary commands via crafted e-mail addresses that are not properly sanitized when creating a failed delivery message.
|
|||||
| CVE-2001-1573 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT allows remote attackers to execute arbitrary code via a certain configuration parameter.
|
|||||
| CVE-2006-0808 | 1 Mute | 1 Mute | 2025-04-03 | 6.4 MEDIUM | N/A |
|
MUTE 0.4 allows remote attackers to cause a denial of service (messages not forwarded) and obtain sensitive information about a target by filling a client's mWebCache cache with malicious "zombie" nodes.
|
|||||
| CVE-2000-0413 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
|
|||||
| CVE-2001-1307 | 1 Sun | 1 Iplanet Directory Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
|
|||||
| CVE-2000-0566 | 3 Caldera, Mandrakesoft, Redhat | 3 Openlinux, Mandrake Linux, Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
|
|||||
| CVE-1999-1109 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.
|
|||||
| CVE-2006-1221 | 1 Zonelabs | 1 Zonealarm Security Suite | 2025-04-03 | 6.2 MEDIUM | N/A |
|
Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of e ...
|
|||||
| CVE-2004-2063 | 1 Antiboard | 1 Antiboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.
|
|||||
| CVE-2005-2243 | 1 Cisco | 1 Call Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail.
|
|||||
| CVE-2004-1182 | 1 Hylafax | 1 Hylafax | 2025-04-03 | 7.5 HIGH | N/A |
|
hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.
|
|||||
| CVE-2003-1274 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.
|
|||||
| CVE-2005-0501 | 1 Digipen Institute Of Technology | 1 Bontago | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Bontago 1.1 and earlier allows remote attackers to execute arbitrary code via a long nickname.
|
|||||
| CVE-2005-1424 | 1 Stumbleinside | 1 Gotext | 2025-04-03 | 2.1 LOW | N/A |
|
StumbleInside GoText 1.01 stores sensitive username, mail address, and phone number information in plaintext in the GoText.bin file, which allows local users to obtain that information.
|
|||||
| CVE-2005-2862 | 1 Road Runner | 1 Adsl Road Runner Modem | 2025-04-03 | 7.5 HIGH | N/A |
|
ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to log in to the modem with a blank password and gain unauthorized access.
|
|||||
| CVE-2001-1028 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.
|
|||||