Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1121 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php.
|
|||||
| CVE-2002-1492 | 1 Cisco | 1 Vpn 5000 Client | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.
|
|||||
| CVE-1999-0090 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in AIX rcp command allows local users to obtain root access.
|
|||||
| CVE-2004-1622 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.
|
|||||
| CVE-2005-1582 | 1 1two | 1 1two News | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables.
|
|||||
| CVE-2005-0865 | 1 Securecomputing | 1 Samsung Adsl Modem | 2025-04-03 | 7.5 HIGH | N/A |
|
Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi.
|
|||||
| CVE-2005-1162 | 1 Oneworldstore | 1 Oneworldstore | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.
|
|||||
| CVE-2002-1495 | 1 Rudi Benkovic | 1 Jawmail | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.
|
|||||
| CVE-2003-0206 | 1 Gkrellm Newsticker | 1 Gkrellm Newsticker | 2025-04-03 | 5.0 MEDIUM | N/A |
|
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines.
|
|||||
| CVE-2003-0990 | 1 Squirrelmail | 2 Gpg Plugin, Squirrelmail | 2025-04-03 | 7.5 HIGH | N/A |
|
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
|
|||||
| CVE-2001-1478 | 1 Caldera | 2 Openunix, Unixware | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code.
|
|||||
| CVE-2003-0007 | 1 Microsoft | 1 Outlook | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
|
|||||
| CVE-2002-0809 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.
|
|||||
| CVE-1999-0523 | 2025-04-03 | N/A | N/A | ||
|
ICMP echo (ping) is allowed from arbitrary hosts.
|
|||||
| CVE-2005-0726 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter.
|
|||||
| CVE-2002-1560 | 1 Martin Bauer | 1 Gbook | 2025-04-03 | 10.0 HIGH | N/A |
|
index.php in gBook 1.4 allows remote attackers to bypass authentication and gain administrative privileges by setting the login parameter to true.
|
|||||
| CVE-1999-0003 | 5 Hp, Ibm, Sgi and 2 more | 6 Hp-ux, Aix, Irix and 3 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
|
|||||
| CVE-2000-0062 | 1 Zope | 1 Zope | 2025-04-03 | 10.0 HIGH | N/A |
|
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.
|
|||||
| CVE-2005-3638 | 1 Ekinboard | 1 Ekinboard | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.
|
|||||
| CVE-2005-0692 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.
|
|||||
| CVE-2006-4761 | 1 Luke Hutteman | 1 Sharpreader | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
|
|||||
| CVE-2000-0434 | 1 Matthew Redman | 1 Allmanage | 2025-04-03 | 7.5 HIGH | N/A |
|
The administrative password for the Allmanage web site administration software is stored in plaintext in a file which could be accessed by remote attackers.
|
|||||
| CVE-1999-0694 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A |
|
Denial of service in AIX ptrace system call allows local users to crash the system.
|
|||||
| CVE-2002-0235 | 1 Castelle | 1 Faxpress | 2025-04-03 | 7.5 HIGH | N/A |
|
Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes Faxpress to leak the correct username and password in plaintext in an error event.
|
|||||
| CVE-2004-1089 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users.
|
|||||
| CVE-2003-1052 | 1 Ibm | 2 Db2, Db2 Universal Database | 2025-04-03 | 7.2 HIGH | N/A |
|
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.
|
|||||
| CVE-2006-2427 | 1 Clam Anti-virus | 2 Clamav, Clamxav | 2025-04-03 | 7.2 HIGH | N/A |
|
freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.
|
|||||
| CVE-2004-1850 | 1 Fluidgames | 1 The Rage | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Rage 1.01 and earlier allows remote attackers to cause a denial of service (infinite loop) via a TCP packet with the port and IP address set to zero.
|
|||||
| CVE-2004-1644 | 1 Jerod Moemeka | 1 Xedus | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Xedus 1.0 allows remote attackers to cause a denial of service (refuse connections) by connecting multiple times from the same IP address.
|
|||||
| CVE-2000-0872 | 1 Nathan Purciful | 1 Phpphotoalbum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2005-4015 | 1 Php Web | 1 Statistik | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php.
|
|||||
| CVE-2006-1479 | 1 Serge Rey | 1 Gtd-php | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) ...
Show More |
|||||
| CVE-2004-1474 | 1 Symantec | 12 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r and 9 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration file.
|
|||||
| CVE-2006-1499 | 1 Source Workshop | 1 Vcounter | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in vCounter.php in vCounter 1.0 allows remote attackers to execute arbitrary SQL commands via the URI (_SERVER[REQUEST_URI] variable).
|
|||||
| CVE-2002-0033 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
|
|||||
| CVE-2005-1193 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
|
The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag.
|
|||||
| CVE-2002-0043 | 1 Todd Miller | 1 Sudo | 2025-04-03 | 7.2 HIGH | N/A |
|
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
|
|||||
| CVE-2006-3223 | 1 Broadcom | 3 Etrust Antivirus, Etrust Pestpatrol, Integrated Threat Management | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field.
|
|||||
| CVE-2002-0344 | 1 Symantec | 1 Liveupdate | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server.
|
|||||
| CVE-2003-0942 | 1 Sap | 1 Sap Db | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa.
|
|||||