Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-1043 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 10.0 HIGH | N/A | SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi. |
| CVE-2005-3585 | 1 Phpwebthings | 1 Phpwebthings | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter. |
| CVE-2001-0879 | 1 Microsoft | 4 Sql Server, Windows 2000, Windows Nt and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. |
| CVE-2005-1574 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A | Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled. |
| CVE-2006-1965 | 1 Aasi Media | 1 Net Clubs Pro | 2025-04-03 | 5.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi. |
| CVE-2005-2614 | 1 Crosscom Olicom | 1 Discuz | 2025-04-03 | 7.5 HIGH | N/A | Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php. |
| CVE-2006-1266 | 1 Virtual Communication Services | 1 Vpmi Enterprise | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the Request_Name_Display parameter. |
| CVE-2000-0109 | 1 Comstock | 1 Multicsp | 2025-04-03 | 10.0 HIGH | N/A | The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords. |
| CVE-2005-0822 | 1 Citrix | 1 Metaframe Password Manager | 2025-04-03 | 2.1 LOW | N/A | Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy. |
| CVE-2006-4597 | 1 Icblogger | 1 Icblogger | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the YID parameter. |
| CVE-2004-1350 | 1 Sun | 1 Java System Web Proxy Server | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests. |
| CVE-2000-0565 | 1 Mindstorm | 1 Smartftp Daemon | 2025-04-03 | 2.1 LOW | N/A | SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack. |
| CVE-2002-0924 | 1 Cgiscript.net | 1 Csnews | 2025-04-03 | 7.5 HIGH | N/A | CGIScript.net csNews.cgi allows remote authenticated users to execute arbitrary Perl code via terminating quotes and metacharacters in text fields of the "Advanced Settings" capability. |
| CVE-2002-0949 | 1 Telindus | 1 Adsl Router | 2025-04-03 | 7.5 HIGH | N/A | Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext. |
| CVE-2006-4917 | 1 Pt News | 1 Pt News | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter. |
| CVE-2000-0022 | 1 Lotus | 1 Domino Server | 2025-04-03 | 5.0 MEDIUM | N/A | Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory. |
| CVE-2005-1187 | 1 X-ways Software Technology Ag | 1 Winhex | 2025-04-03 | 5.1 MEDIUM | N/A | Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument. NOTE: since this overflow is in the command line of an unprivileged program, it is highly likely that this is not a vulnerability. |
| CVE-1999-1470 | 1 Eastman Software | 1 Work Management | 2025-04-03 | 4.6 MEDIUM | N/A | Eastman Work Management 3.21 stores passwords in cleartext in the COMMON and LOCATOR registry keys, which could allow local users to gain privileges. |
| CVE-2003-0130 | 1 Ximian | 1 Evolution | 2025-04-03 | 5.0 MEDIUM | N/A | The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image. |
| CVE-2006-3616 | 1 Carbonize | 1 Lazarus Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, after the name of an existing file. |
| CVE-2005-1699 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 4.0 MEDIUM | N/A | Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter. |
| CVE-2005-3932 | 1 O-kiraku Nikki | 1 O-kiraku Nikki | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id parameter. |
| CVE-2006-0839 | 1 Sourcefire | 1 Snort | 2025-04-03 | 5.0 MEDIUM | N/A | The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. |
| CVE-2005-1588 | 1 Open Solution | 1 Quick.cart | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection |
| CVE-2004-1741 | 1 Music Daemon | 1 Music Daemon | 2025-04-03 | 5.0 MEDIUM | N/A | Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST. |
| CVE-2004-2196 | 1 Zanfi Solutions | 1 Zanfi Cms Lite | 2025-04-03 | 5.0 MEDIUM | N/A | Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others. |
| CVE-2006-3324 | 1 Id Software | 1 Quake 3 Engine | 2025-04-03 | 5.0 MEDIUM | N/A | The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer. |
| CVE-2004-2342 | 1 Burton Sang | 1 Chatterbox | 2025-04-03 | 5.0 MEDIUM | N/A | ChatterBox 2.0 allows remote attackers to cause a denial of service (server crash) via a malformed request to the server, as demonstrated using "aaaaaa". |
| CVE-2001-0316 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A | Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call. |
| CVE-2000-0495 | 1 Microsoft | 1 Windows Media Services | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability. |
| CVE-2001-0525 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument. |
| CVE-2006-2203 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | 6.4 MEDIUM | N/A | Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter." |
| CVE-2000-0551 | 1 Danware Data | 1 Netop | 2025-04-03 | 10.0 HIGH | N/A | The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files. |
| CVE-2001-0530 | 1 Spearhead | 2 Netgap 200, Netgap 300 | 2025-04-03 | 5.0 MEDIUM | N/A | Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters. |
| CVE-2006-2261 | 1 Acal | 1 Acal | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| CVE-2006-2397 | 1 Gphotos | 1 Gphotos | 2025-04-03 | 5.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal. |
| CVE-2004-1748 | 1 Sysinternals | 1 Regmon | 2025-04-03 | 2.1 LOW | N/A | NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue. |
| CVE-2004-0611 | 1 Netgear | 1 Fvs318 | 2025-04-03 | 5.0 MEDIUM | N/A | Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections. |
| CVE-2006-3859 | 1 Ibm | 1 Informix Dynamic Database Server | 2025-04-03 | 4.0 MEDIUM | N/A | IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands. |
| CVE-1999-0819 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. |