Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-1166 | 1 Http Commander | 1 Http Commander | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter. |
| CVE-2001-1100 | 1 Spencer Miles | 1 W3mail | 2025-04-03 | 7.5 HIGH | N/A | sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page. |
| CVE-2003-0256 | 1 Kde | 1 Kopete | 2025-04-03 | 7.5 HIGH | N/A | The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands. |
| CVE-2006-2978 | 1 Mafia Moblog | 1 Mafia Moblog | 2025-04-03 | 5.0 MEDIUM | N/A | Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the installation path in an error message via a direct request to (1) big.php and (2) upgrade.php. |
| CVE-2002-0144 | 1 Scott Parish | 1 Chuid | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in chuid 1.2 and earlier allows remote attackers to change the ownership of files outside of the upload directory via a .. (dot dot) attack. |
| CVE-2001-0908 | 1 Citrix | 1 Metaframe | 2025-04-03 | 7.5 HIGH | N/A | CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT). |
| CVE-1999-0706 | 2 Isc, Redhat | 2 Inn, Linux | 2025-04-03 | 7.5 HIGH | N/A | Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. |
| CVE-2003-1170 | 1 Gernot Stocker | 1 Kpopup | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments. |
| CVE-2000-0355 | 3 Bent Bagger, Redhat, Suse | 3 Pbpg, Linux, Suse Linux | 2025-04-03 | 7.5 HIGH | N/A | pg and pb in SuSE pbpg 1.x package allows an attacker to read arbitrary files. |
| CVE-2005-4668 | 1 Parosproxy | 1 Parosproxy | 2025-04-03 | 4.6 MEDIUM | N/A | The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary commands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845. |
| CVE-2005-2154 | 1 Osticket | 1 Osticket Sts | 2025-04-03 | 7.5 HIGH | N/A | PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter. |
| CVE-1999-0512 | | | 2025-04-03 | 10.0 HIGH | N/A | A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. |
| CVE-2005-3052 | 1 Jportal | 1 Jportal Web Portal | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the search field to download.php. |
| CVE-2004-2552 | 1 Tim Mann | 1 Xboard | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument. NOTE: since the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. |
| CVE-2004-2355 | 1 Crafty Syntax Live Help | 1 Crafty Syntax Live Help | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session. |
| CVE-1999-0832 | 2 Debian, Redhat | 2 Debian Linux, Linux | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname. |
| CVE-2005-3002 | 1 Xclusive-software | 1 Mccs | 2025-04-03 | 5.0 MEDIUM | N/A | Multi-Computer Control System (MCCS) 1.0 allows remote attackers to cause a denial of service via a malformed UDP packet. |
| CVE-2005-3888 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 7.8 HIGH | N/A | Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code other than 2 and a large size field, which allocates memory for the packet but does not free it after the packet has been dropped. |
| CVE-2001-0521 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2025-04-03 | 7.5 HIGH | N/A | Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document. |
| CVE-2006-3200 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified versions of Internet Explorer allow remote attackers to cause a denial of service (crash) via an IFRAME with a src tag containing a "File://" URI followed by an 8-bit character. NOTE: some third parties were unable to verify this issue. |
| CVE-2002-0967 | 1 Edonkey2000 | 1 Edonkey 2000 Client | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long "ed2k:" URL. |
| CVE-2004-1820 | 1 Warpspeed | 1 4nalbum Module | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php. |
| CVE-2005-0071 | 1 Vdr | 1 Vdr | 2025-04-03 | 5.0 MEDIUM | N/A | vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files. |
| CVE-2003-0846 | 1 Suse | 1 Suse Linux | 2025-04-03 | 4.6 MEDIUM | N/A | SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file. |
| CVE-2006-0531 | 1 Sun | 1 Java System Access Manager | 2025-04-03 | 7.2 HIGH | N/A | Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool. |
| CVE-2000-0500 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A | The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. |
| CVE-2002-2220 | 1 Chetcpasswd | 1 Chetcpasswd | 2025-04-03 | 6.2 MEDIUM | N/A | Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors. |
| CVE-2006-2145 | 1 Harold Bakker | 1 Hb-ns | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) topic or (2) id parameter. |
| CVE-2005-1291 | 1 Cartwiz | 1 Asp Cart | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp. |
| CVE-2004-2423 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content." |
| CVE-2005-2632 | 1 Mediabox404 | 1 Mediabox404 | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in login_admin_mediabox404.php in mediabox404 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the User field. |
| CVE-2001-0366 | 1 Sap | 2 Sap R 3 Web Application Server Demo, Saposcol | 2025-04-03 | 7.2 HIGH | N/A | saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program. |
| CVE-2004-2079 | 1 Red-m | 1 Red-alert | 2025-04-03 | 7.5 HIGH | N/A | Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user. |
| CVE-1999-0541 | | | 2025-04-03 | 7.5 HIGH | N/A | A password for accessing a WWW URL is guessable. |
| CVE-2005-3758 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet. |
| CVE-2006-1583 | 1 Juliusz Julas Gonera | 1 Warcraft Iii Replay Parser Php | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter. |
| CVE-2000-0926 | 1 Smartwin Technology | 1 Cyberoffice Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A | SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable. |
| CVE-2006-4424 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter. |
| CVE-2003-0897 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 4.6 MEDIUM | N/A | "Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications. |
| CVE-2001-0426 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable. |