Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-0511 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 7.5 HIGH | N/A | misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. |
| CVE-2000-0810 | 1 Cgi Script Center | 1 Auction Weaver | 2025-04-03 | 7.5 HIGH | N/A | Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack. |
| CVE-2005-4746 | 1 Freeradius | 1 Freeradius | 2025-04-03 | 7.8 HIGH | N/A | Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". |
| CVE-2000-0754 | 1 Hp | 1 Openview Network Node Manager | 2025-04-03 | 2.1 LOW | N/A | Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords. |
| CVE-2005-0973 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A | Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments. |
| CVE-2004-1304 | 3 File, Gentoo, Trustix | 3 File, Linux, Secure Linux | 2025-04-03 | 10.0 HIGH | N/A | Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file. |
| CVE-1999-0321 | 1 Sun | 1 Solaris | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Solaris kcms_configure command allows local users to gain root access. |
| CVE-1999-0266 | 1 Roar Smith | 1 Info2www | 2025-04-03 | 7.5 HIGH | N/A | The info2www CGI script allows remote file access or remote command execution. |
| CVE-2004-2631 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 7.5 HIGH | N/A | Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. |
| CVE-2004-0651 | 1 Sun | 2 Jre, Sdk | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang). |
| CVE-2006-1341 | 1 Maian Events | 1 Maian Events | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in events.php in Maian Events 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. |
| CVE-2000-0488 | 1 Ithouse | 1 Ithouse Mail Server | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command. |
| CVE-2006-3529 | 1 Juniper | 1 Junos | 2025-04-03 | 5.0 MEDIUM | N/A | Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed. |
| CVE-2000-0275 | 1 Cryptocard | 1 Cryptoadmin | 2025-04-03 | 2.1 LOW | N/A | CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN. |
| CVE-2004-0701 | 1 Sun | 1 Ray Server Software | 2025-04-03 | 4.6 MEDIUM | N/A | Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access. |
| CVE-2002-0895 | 1 Matu | 1 Matu Ftp | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command. |
| CVE-2006-0990 | 1 Veritas | 1 Netbackup | 2025-04-03 | 9.0 HIGH | N/A | Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors. |
| CVE-1999-1087 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Internet Explorer 4 treats a 32-bit number ("dotless IP address") in a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server. |
| CVE-2006-0841 | 1 Mantis | 1 Mantis | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter ... |
| CVE-2006-0348 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-03 | 5.0 MEDIUM | N/A | Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2004-0812 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2025-04-03 | 2.1 LOW | N/A | Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code. |
| CVE-2004-0425 | 1 Netegrity | 1 Sideminder Affiliate Agent | 2025-04-03 | 10.0 HIGH | N/A | Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie. |
| CVE-2002-1389 | 1 Typespeed | 1 Typespeed | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input. |
| CVE-2002-0138 | 1 Andreas Mueller | 1 Cdrdao | 2025-04-03 | 2.1 LOW | N/A | CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command. |
| CVE-2006-0698 | 1 Zen Cart | 1 Zen Cart | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection. |
| CVE-2006-3736 | 1 Mambo | 1 Videodb | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| CVE-2000-0723 | 1 Helix Code | 1 Gnome Installer | 2025-04-03 | 1.2 LOW | N/A | Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config. |
| CVE-2005-3535 | 1 Ketm | 1 Ketm | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors. |
| CVE-2005-1555 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. |
| CVE-2006-4062 | 1 Dmitry Sheiko | 1 Sapid Shop | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter. |
| CVE-2006-1032 | 1 Phprpc | 1 Phprpc | 2025-04-03 | 7.5 HIGH | N/A | Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag. |
| CVE-2004-2515 | 1 Vmware | 1 Workstation | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability. |
| CVE-2002-1726 | 1 Brokenbytes | 1 Photodb | 2025-04-03 | 7.5 HIGH | N/A | secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authentication via a URL with a large Time parameter, non-empty rmtusername and rmtpassword parameter, and an accesslevel parameter that is lower than the access level of the requested page. |
| CVE-2006-2306 | 1 Keyvan Janghorbani | 1 Epublisherpro | 2025-04-03 | 9.3 HIGH | N/A | Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2005-4634 | 1 Activecampaign | 1 Supporttrio | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the provenance of this information is unknown because the source URL is not available; the details are obtained solely from third party information. |
| CVE-2001-0871 | 2 Alchemy Lab, Dek Software | 2 Alchemy Eye, Alchemy Network Monitor | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10. |
| CVE-2006-4625 | 1 Php | 1 Php | 2025-04-03 | 3.6 LOW | N/A | PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. |
| CVE-2004-0728 | 1 Microsoft | 1 Systems Management Server | 2025-04-03 | 5.0 MEDIUM | N/A | The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address. |
| CVE-2004-0724 | 1 Valve Software | 2 Half-life, Half-life Dedicated Server | 2025-04-03 | 5.0 MEDIUM | N/A | The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet. |
| CVE-2005-4611 | 1 Phpfreebies.com | 1 Free Clickbank | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php in Free ClickBank 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keywords parameter. |