Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3009 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in CuteNews allows remote attackers to inject arbitrary web script or HTML via the mod parameter to index.php.
|
|||||
| CVE-2005-1639 | 1 Atinegar | 1 Sigma Isp Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 allows remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, or (3) domain fields.
|
|||||
| CVE-2002-0786 | 1 Critical Path | 1 Injoin Directory Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter.
|
|||||
| CVE-2005-2064 | 1 Asp-nuke | 1 Asp-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Address1, (7) Address2, (8) City, (9) ZipCode, (10) Email parameter to register.asp.
|
|||||
| CVE-2004-2587 | 1 Smartertools | 1 Smartermail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow.
|
|||||
| CVE-2005-1611 | 1 Web Crossing Inc | 1 Web Crossing | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x allows remote attackers to inject arbitrary web script or HTML via a URL with an "@" followed by the desired script.
|
|||||
| CVE-2000-0082 | 1 Microsoft | 1 Webtv | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML.
|
|||||
| CVE-2000-0912 | 1 Jcs Web Works | 1 Multihtml | 2025-04-03 | 5.0 MEDIUM | N/A |
|
MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter.
|
|||||
| CVE-2006-4740 | 1 Jetbox | 1 Jetbox Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Jetbox CMS allows remote attackers to obtain sensitive information via a direct request for certain files, which reveal the path in an error message.
|
|||||
| CVE-2001-0461 | 1 Denis Howe | 1 Foldoc | 2025-04-03 | 7.5 HIGH | N/A |
|
template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi.
|
|||||
| CVE-2006-4441 | 1 Ay System Solutions | 1 Ay System Solutions Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2004-2583 | 1 Smartertools | 1 Smartermail | 2025-04-03 | 7.8 HIGH | N/A |
|
SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25.
|
|||||
| CVE-2001-1414 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.
|
|||||
| CVE-2005-2438 | 1 Usebb | 1 Usebb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier allows remote attackers to inject arbitrary Javascript via the BBCode color value.
|
|||||
| CVE-2001-1513 | 1 Macromedia | 1 Jrun | 2025-04-03 | 7.5 HIGH | N/A |
|
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx.
|
|||||
| CVE-2000-0677 | 1 Ibm | 1 Net.data | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.
|
|||||
| CVE-2001-0140 | 3 Immunix, Mandrakesoft, Redhat | 3 Immunix, Mandrake Linux, Linux | 2025-04-03 | 1.2 LOW | N/A |
|
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
|
|||||
| CVE-2005-3794 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts.
|
|||||
| CVE-2006-1297 | 1 Symantec Veritas | 2 Backup Exec, Backup Exec Remote Agent | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1 allow attackers to cause a denial of service (application crash or unavailability) due to "memory errors."
|
|||||
| CVE-2006-2728 | 1 Jan Chmelik | 1 Photoalbum Bandw | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter.
|
|||||
| CVE-2005-0857 | 1 Coolforum | 1 Coolforum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter.
|
|||||
| CVE-2005-0799 | 1 Oracle | 1 Mysql | 2025-04-03 | 5.0 MEDIUM | N/A |
|
MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.
|
|||||
| CVE-2005-2720 | 1 Hauri | 4 Livecall, Virobot Advanced Server, Virobot Expert and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.
|
|||||
| CVE-2005-2815 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 6.4 MEDIUM | N/A |
|
print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
|
|||||
| CVE-1999-1328 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.
|
|||||
| CVE-2005-2679 | 1 Sysinternals | 1 Process Explorer | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Sysinternals Process Explorer 9.23, and other versions before 9.25, allows local users to execute arbitrary code via a long CompanyName field in the VersionInfo information in a running process.
|
|||||
| CVE-2002-1619 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump).
|
|||||
| CVE-2000-0346 | 1 Apple | 1 Appleshare | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.
|
|||||
| CVE-2004-0133 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.
|
|||||
| CVE-2006-1291 | 1 Php Icalendar | 1 Php Icalendar | 2025-04-03 | 7.5 HIGH | N/A |
|
publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.
|
|||||
| CVE-2006-1776 | 1 Simplog | 1 Simplog | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter.
|
|||||
| CVE-2001-1065 | 1 Cisco | 1 Cbos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.
|
|||||
| CVE-1999-0461 | 2 Linux, Sgi | 2 Linux Kernel, Irix | 2025-04-03 | 10.0 HIGH | N/A |
|
Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.
|
|||||
| CVE-2006-0209 | 1 Tanklogger | 1 Tanklogger | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php.
|
|||||
| CVE-2005-1278 | 1 Lbl | 1 Tcpdump | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.
|
|||||
| CVE-2004-0635 | 4 Ethereal Group, Gentoo, Mandrakesoft and 1 more | 5 Ethereal, Linux, Mandrake Linux and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
|
|||||
| CVE-1999-1095 | 2 Redhat, Slackware | 2 Linux, Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort.
|
|||||
| CVE-2004-1183 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.
|
|||||
| CVE-2006-0944 | 1 Archangelmgt | 1 Weblog | 2025-04-03 | 7.5 HIGH | N/A |
|
Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1.
|
|||||
| CVE-2005-3264 | 1 Zeroblog | 1 Zeroblog | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog 1.1f and 1.2a allows remote attackers to inject arbitrary web script or HTML via the threadID parameter.
|
|||||