Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-0475 | 1 Ashley Brown | 1 Iweb Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in iWeb Server 2 allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences ("%5c%2e%2e"), a different vulnerability than CVE-2003-0474. |
| CVE-2006-3361 | 1 Stud.ip | 1 Stud.ip | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) _PHPLIB[libdir] parameter in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP parameter in studip-htdocs/archiv_assi.php. |
| CVE-2006-1820 | 1 Modxcms | 1 Modxcms | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability. |
| CVE-2006-0491 | 1 Subzane | 1 Szusermgnt | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2006-1631 | 1 Cisco | 1 Content Services Switch 11500 | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP requests. |
| CVE-2005-2326 | 1 Clever Copy | 1 Clever Copy | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php. |
| CVE-2006-1523 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 10.0 HIGH | N/A | The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON. |
| CVE-2005-0516 | 1 Twiki | 1 Imagegalleryplugin | 2025-04-03 | 7.5 HIGH | N/A | The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails. |
| CVE-2001-1394 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service. |
| CVE-2002-2099 | 1 Gnu | 1 Data Display Debugger | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE. |
| CVE-2006-3794 | 1 Amazing Flash Commerce | 1 Afcommerce Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried." |
| CVE-2002-1917 | 1 Geeklog | 1 Geeklog | 2025-04-03 | 5.0 MEDIUM | N/A | CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header. |
| CVE-2004-2370 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name. |
| CVE-2000-1046 | 1 Lotus | 1 Domino | 2025-04-03 | 10.0 HIGH | N/A | Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands. |
| CVE-2002-2037 | 1 Cisco | 5 Bams, Pgw 2200, Sc2200 and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A | The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities. |
| CVE-2001-0324 | 1 Microsoft | 2 Windows 2000, Windows 98 | 2025-04-03 | 2.6 LOW | N/A | Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash. |
| CVE-2005-4818 | 1 Copernicus | 1 Europa | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Copernicus Europa allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2005-0638 | 3 Altlinux, Suse, Xli | 3 Alt Linux, Suse Linux, Xli | 2025-04-03 | 7.5 HIGH | N/A | xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command. |
| CVE-2003-0935 | 1 Net-snmp | 1 Net-snmp | 2025-04-03 | 6.4 MEDIUM | N/A | Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed. |
| CVE-2006-4956 | 1 Neosys | 1 Neon Webmail | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field. |
| CVE-2002-0145 | 1 Scott Parish | 1 Chuid | 2025-04-03 | 7.5 HIGH | N/A | chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which allows remote attackers to change files owned by other users, such as root. |
| CVE-2005-1156 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2025-04-03 | 7.5 HIGH | N/A | Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1." |
| CVE-2006-3297 | 1 Uebimiau | 1 Uebimiau | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2005-3701 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A | Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors. |
| CVE-2005-2526 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2025-04-03 | 5.0 MEDIUM | N/A | CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection. |
| CVE-2006-4677 | 1 Phpopenchat | 1 Phpopenchat | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in contrib/yabbse/poc.php in phpopenchat before 3.0.2 allows remote attackers to execute arbitrary PHP code via the sourcedir parameter. NOTE: this issue was disputed by a third-party researcher who stated that the _REQUEST parameters were dynamically unset at the beginning of the file. Another researcher noted, and CVE agrees, that the unset PHP function can be bypassed (CVE-2006-3017). If this issue is due to a vulnerability in PHP, then it should be ... |
| CVE-2003-1068 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082. |
| CVE-2005-0527 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.1 MEDIUM | N/A | Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling." |
| CVE-2005-4322 | 1 Hitachi | 3 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to inject arbitrary web script or HTML via the (1) Schedule and (2) Calendar components. |
| CVE-2005-3208 | 1 Aenovo | 3 Aenovo, Aenovoshop, Aenovowysi | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages. |
| CVE-2001-1252 | 1 Pgp | 1 Keyserver | 2025-04-03 | 10.0 HIGH | N/A | Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory. |
| CVE-2005-4250 | 1 Mcgallery | 1 Mcgallery Pro | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter. |
| CVE-2001-0586 | 1 Trend Micro | 1 Scanmail Exchange | 2025-04-03 | 4.6 MEDIUM | N/A | TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords. |
| CVE-2000-1153 | 1 Kenny Carruthers | 1 Postmaster | 2025-04-03 | 5.0 MEDIUM | N/A | PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL. |
| CVE-2005-2135 | 1 Etoshop | 1 Dynamic Biz Website Builder Quickweb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) T1 or (2) T2 parameters. |
| CVE-2003-0579 | 1 Ibm | 1 U2 Universe | 2025-04-03 | 4.6 MEDIUM | N/A | uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user. |
| CVE-2006-2948 | 1 Alan Ward | 1 A-cart | 2025-04-03 | 5.0 MEDIUM | N/A | A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information. |
| CVE-2002-1767 | 1 Oracle | 1 Database Server | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument. |
| CVE-2001-1543 | 1 Axis | 5 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 2 more | 2025-04-03 | 7.5 HIGH | N/A | Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera. |
| CVE-2005-4025 | 1 Help Desk Reloaded | 1 Free Help Desk | 2025-04-03 | 7.5 HIGH | N/A | Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user. |