Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2002-0316 | 1 Xmb Software | 1 Xmb Forum | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag. |
| CVE-2004-0188 | 1 Calife | 1 Calife | 2025-04-03 | 7.2 HIGH | N/A | Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password. |
| CVE-2006-2117 | 1 Extrosoft | 1 Thyme | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page. |
| CVE-2000-1038 | 1 Ibm | 1 As400 Firewall | 2025-04-03 | 5.0 MEDIUM | N/A | The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request. |
| CVE-2002-0396 | 1 Red-m | 1 1050ap Lan Acess Point | 2025-04-03 | 7.5 HIGH | N/A | The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session. |
| CVE-2006-3663 | 1 Finjan | 1 Vital Security | 2025-04-03 | 4.6 MEDIUM | N/A | Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in plaintext in a backup file, which allows local users to gain privileges. NOTE: the vendor has notified CVE that this issue was fixed in 8.3.6. |
| CVE-2004-0241 | 1 Qualiteam | 1 X-cart | 2025-04-03 | 10.0 HIGH | N/A | X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php. |
| CVE-2003-1328 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality." |
| CVE-1999-1495 | 1 Suse | 1 Suse Linux | 2025-04-03 | 2.1 LOW | N/A | xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file. |
| CVE-2005-2137 | 1 Nateon | 1 Nateon Messenger | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers to list arbitrary directories via unknown attack vectors. |
| CVE-2005-2432 | 1 Tincan | 1 Phplist | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin. |
| CVE-1999-0084 | 1 Sun | 1 Nfs | 2025-04-03 | 7.2 HIGH | 8.4 HIGH | Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. |
| CVE-2006-0809 | 1 Skate Board | 1 Skate Board | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) usern parameter in (a) sendpass.php, and the (2) usern and (3) passwd parameters and (4) sf_cookie cookie in (b) login.php and (c) logged.php. |
| CVE-2006-2241 | 1 Ftrainsoft | 1 Fast Click | 2025-04-03 | 6.4 MEDIUM | N/A | PHP remote file inclusion vulnerability in show.php in Fast Click SQL Lite 1.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: This is a different vulnerability than CVE-2006-2175. |
| CVE-2002-0322 | 1 Yahoo | 1 Messenger | 2025-04-03 | 7.5 HIGH | N/A | Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing. |
| CVE-2004-1177 | 1 Gnu | 1 Mailman | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. |
| CVE-2006-1860 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack. |
| CVE-2005-0613 | 1 Fckeditor | 1 Fckeditor | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files. |
| CVE-2003-0504 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module. |
| CVE-2005-1249 | 1 Ipswitch | 1 Ipswitch Collaboration Suite | 2025-04-03 | 5.0 MEDIUM | N/A | The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop. |
| CVE-2004-2106 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A | Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/. |
| CVE-2005-2363 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, (3) DHCP, (4) MEGACO dissector, or (5) H1 dissector in Ethereal 0.8.15 through 0.10.11 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. |
| CVE-2004-1271 | 1 Dxfscope | 1 Dxf File Format Viewer | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arbitrary code via a crafted DXF file. |
| CVE-2005-3896 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 7.8 HIGH | N/A | Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function. |
| CVE-2006-1350 | 1 Articlesone | 1 99articles Directory | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file include vulnerability in index.php in 99Articles.com (aka ArticlesOne.com) Free articles directory allows remote attackers to include and execute arbitrary PHP code via a URL in the page parameter. |
| CVE-2002-1315 | 1 Iplanet | 1 Iplanet Web Server | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316). |
| CVE-2002-0379 | 1 University Of Washington | 1 Uw-imap | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request. |
| CVE-2006-2971 | 1 Overkill | 1 Overkill | 2025-04-03 | 5.0 MEDIUM | N/A | Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function. |
| CVE-1999-0472 | 2 Network Appliance, Snmp | 2 Netcache, Snmp | 2025-04-03 | 5.0 MEDIUM | N/A | The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. |
| CVE-2005-3649 | 1 Moodle | 1 Moodle | 2025-04-03 | 2.6 LOW | N/A | jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter. |
| CVE-2001-1353 | 1 Aladdin Enterprises | 1 Ghostscript | 2025-04-03 | 2.6 LOW | N/A | ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. |
| CVE-1999-1245 | 1 Ucd-snmp | 1 Ucd-snmp | 2025-04-03 | 5.0 MEDIUM | N/A | vacm ucd-snmp SNMP server, version 3.52, does not properly disable access to the public community string, which could allow remote attackers to obtain sensitive information. |
| CVE-2005-3941 | 1 Greywyvern | 1 Orca Blog | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. |
| CVE-2004-1868 | 1 Esignal | 1 Esignal | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag. |
| CVE-2002-1632 | 1 Oracle | 1 Application Server | 2025-04-03 | 6.4 MEDIUM | N/A | Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2. |
| CVE-2004-0944 | 1 Mitel | 1 Mitel 3300 Integrated Communication Platform | 2025-04-03 | 5.0 MEDIUM | N/A | The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie. |
| CVE-2002-0735 | 2 C-note, Padl Software | 3 Squid Auth Ldap, Nss Ldap, Pam Ldap | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages. |
| CVE-2006-3142 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. |
| CVE-2006-3088 | 1 Cescripts | 1 Car Classifieds | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Car Classifieds allows remote attackers to inject arbitrary web script or HTML via the make_id parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2005-0441 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-03 | 10.0 HIGH | N/A | Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement. |