Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1806 | 1 Drupal | 1 Drupal | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. |
| CVE-2004-0163 | 1 Sygate Technologies | 1 Secure Enterprise | 2025-04-03 | 5.0 MEDIUM | N/A |
| Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the key used to encrypt data, which allows remote attackers to cause a denial of service (resource exhaustion) by capturing a session and repeatedly replaying the session. |
| CVE-2005-1411 | 1 Cybration | 1 Icuii | 2025-04-03 | 4.6 MEDIUM | N/A |
| Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges. |
| CVE-2005-1441 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). |
| CVE-2004-0665 | 1 Cgiscript.net | 1 Csfaq | 2025-04-03 | 5.0 MEDIUM | N/A |
| csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message. |
| CVE-2001-0193 | 2 Debian, Suse | 2 Debian Linux, Suse Linux | 2025-04-03 | 7.2 HIGH | N/A |
| Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter. |
| CVE-2006-2787 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 9.3 HIGH | N/A |
| EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. |
| CVE-2004-0608 | 10 Arush, Dreamforge, Epic Games and 7 more | 14 Devastation, Tnn Outdoors Pro Hunter, Unreal Engine and 11 more | 2025-04-03 | 10.0 HIGH | N/A |
| The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitr ... |
| CVE-2006-2106 | 1 Edgewall Software | 1 Trac | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro." |
| CVE-2005-1272 | 2 Broadcom, Ca | 4 Brightstor Enterprise Backup, Brightstor Arcserve Backup, Brightstor Arcserve Backup Agent and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050. |
| CVE-2004-0231 | 4 Gentoo, Midnight Commander, Sgi and 1 more | 4 Linux, Midnight Commander, Propack and 1 more | 2025-04-03 | 2.1 LOW | N/A |
| Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations." |
| CVE-2000-0205 | 1 Trend Micro | 1 Officescan | 2025-04-03 | 6.4 MEDIUM | N/A |
| Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients. |
| CVE-2005-0818 | 1 Punbb | 1 Punbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters. |
| CVE-2002-0531 | 1 Emumail | 3 Emumail, Emumail Red Hat Linux, Emumail Unix | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter. |
| CVE-2005-2080 | 1 Symantec Veritas | 1 Backup Exec | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server. |
| CVE-2006-3157 | 1 Thinkfactory | 1 Ultimategoogle | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory UltimateGoogle 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter. |
| CVE-2006-0834 | 1 Uniden | 1 Uip1868p | 2025-04-03 | 7.5 HIGH | N/A |
| Uniden UIP1868P VoIP Telephone and Router has a default password of admin for the web-based configuration utility, which allows remote attackers to obtain sensitive information on the device such as telephone numbers called, and possibly connect to other hosts. NOTE: it is possible that this password was configured by a reseller, not the original vendor; if so, then this is not a vulnerability in the product. |
| CVE-2004-1702 | 1 Gnu | 1 Cfengine | 2025-04-03 | 5.0 MEDIUM | N/A |
| The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers a null dereference, which allows remote attackers to cause a denial of service (crash). |
| CVE-2005-3665 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. |
| CVE-2005-0063 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
| The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. |
| CVE-2004-1462 | 1 Moinmoin | 1 Moinmoin | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete. |
| CVE-2005-4065 | 1 Edgewall Software | 1 Trac | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2006-2099 | 1 Ezb Systems | 1 Ultraiso | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. |
| CVE-2005-3369 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters. |
| CVE-2002-0166 | 1 Stephen Turner | 1 Analog | 2025-04-03 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display. |
| CVE-2005-3983 | 1 Hp | 1 Systems Insight Manager | 2025-04-03 | 7.8 HIGH | N/A |
| Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability. |
| CVE-2006-2697 | 1 Easy-content Forums | 1 Easy-content Forums | 2025-04-03 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) startletter parameter in userview.asp and the (2) forumname parameter in topics.asp. |
| CVE-2004-0692 | 1 Trolltech | 1 Qt | 2025-04-03 | 5.0 MEDIUM | N/A |
| The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. |
| CVE-2002-0661 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters. |
| CVE-2002-0785 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow. |
| CVE-2003-1428 | 2 Bharat Mediratta, Linux | 2 Gallery, Linux Kernel | 2025-04-03 | 4.8 MEDIUM | N/A |
| Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos. |
| CVE-2004-2105 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A |
| The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. |
| CVE-2006-1987 | 1 Apple | 1 Safari | 2025-04-03 | 7.5 HIGH | N/A |
| Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible. |
| CVE-2005-3734 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters. |
| CVE-2004-1608 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation. |
| CVE-2005-4028 | 1 Amember | 1 Amember | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbitrary web script or HTML via the (1) lamember_login parameter to sendpass.php and (2) login parameter to member.php. |
| CVE-1999-1343 | 1 Xerox | 1 Docucolor 4lp | 2025-04-03 | 5.0 MEDIUM | N/A |
| HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause a denial of service (hang) via a long URL that contains a large number of . characters. |
| CVE-2005-0862 | 1 Phpopenchat | 1 Phpopenchat | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php. |
| CVE-2006-3186 | 1 Cms Faethon | 1 Cms Faethon | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3.2 allow remote attackers to inject arbitrary web script or HTML via the mainpath parameter to (1) data/footer.php and (2) admin/header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2002-1916 | 1 Pirch | 2 Pirch Irc, Ruspirch | 2025-04-03 | 5.0 MEDIUM | N/A |
| Pirch and RusPirch, when auto-log is enabled, allow remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries. |