Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1483 | 1 Interspire | 1 Articlelive | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter.
| CVE-2005-0303 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter.
| CVE-2002-1033 | 1 Sun | 1 I-runbook | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a "..:" sequence (dot-dot variant) in the argument.
| CVE-2004-1971 | 1 Oscar Fafian | 1 Video Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message.
| CVE-2005-2221 | 1 Incredible Interactive | 1 Dragonfly Commerce | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dc_Productsview.asp, (5) start, (6) key_mp, (7) searchtype, or (8) psearch parameters to dc_forum_Postslist.asp. NOTE: the vendor has disputed this issue, saying that the error messages arise from invalid category and pr ...
| CVE-2006-1995 | 1 Scry Gallery | 1 Scry Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.
| CVE-1999-0442 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
Solaris ff.core allows local users to modify files.
| CVE-2004-0671 | 1 Symantec | 1 Brightmail Antispam | 2025-04-03 | 5.0 MEDIUM | N/A |
Brightmail Spamfilter 6.0 and earlier beta releases allows remote attackers to read mail from other users by modifying the id parameter in a viewMsgDetails.do request.
| CVE-2002-1493 | 1 Lycos | 1 Htmlgear Guestgear | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.
| CVE-1999-0444 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
| CVE-2002-1887 | 1 Gregory Kokanosky | 1 Phpmynewsletter | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter.
| CVE-2006-1442 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary code from an untrusted bundle.
| CVE-1999-0220 | | | 2025-04-03 | 10.0 HIGH | N/A |
Attackers can do a denial of service of IRC by crashing the server.
| CVE-2006-0534 | 1 Cybershop | 1 Asp Ultimate E-commerce Script | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in CyberShop Ultimate E-commerce allow remote attackers to inject arbitrary web script or HTML via the (1) ortak or (2) kat parameter.
| CVE-2004-1787 | 1 Postnuke Software Foundation | 1 Postcalendar | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries.
| CVE-2006-1450 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via an enriched text e-mail message with "invalid color information" that causes Mail to allocate and initialize arbitrary classes.
| CVE-2003-1095 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.6 MEDIUM | N/A |
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
| CVE-2006-3246 | 1 Gl-sh | 1 Deaf Forum | 2025-04-03 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf Forum 6.4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
| CVE-2005-3682 | 1 Wizz Forum | 1 Wizz Forum | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.
| CVE-1999-0294 | 1 Microsoft | 1 Wins | 2025-04-03 | 5.0 MEDIUM | N/A |
All records in a WINS database can be deleted through SNMP for a denial of service.
| CVE-2002-1317 | 4 Hp, Sgi, Sun and 1 more | 5 Hp-ux, Irix, Solaris and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
| CVE-2001-0143 | 2 Immunix, Redhat | 2 Immunix, Linux | 2025-04-03 | 1.2 LOW | N/A |
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
| CVE-2005-2211 | 1 Sukria | 1 Backup Manager | 2025-04-03 | 4.6 MEDIUM | N/A |
Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR.
| CVE-2005-2690 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php.
| CVE-2004-0157 | 1 Xonix | 1 Xonix | 2025-04-03 | 4.6 MEDIUM | N/A |
x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program.
| CVE-1999-0601 | | | 2025-04-03 | 10.0 HIGH | N/A |
A network intrusion detection system (IDS) does not properly handle data within TCP handshake packets.
| CVE-2006-4832 | 1 Verso Netperformer | 1 Frame Relay Access Device Act | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username.
| CVE-2006-4323 | 1 Cityforfree | 1 Indexcity | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
| CVE-2005-3589 | 1 Filezilla | 1 Filezilla Server Terminal | 2025-04-03 | 7.8 HIGH | N/A |
Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command.
| CVE-2006-4865 | 1 Phpquiz | 1 Phpquiz | 2025-04-03 | 5.0 MEDIUM | N/A |
Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors.
| CVE-2005-4489 | 1 Scoop | 1 Scoop | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) type and (2) count parameters, and (3) the query string in a story.
| CVE-2004-0262 | 1 The Palace | 1 The Palace Client | 2025-04-03 | 10.0 HIGH | N/A |
Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string.
| CVE-2004-2049 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2025-04-03 | 4.6 MEDIUM | N/A |
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access.
| CVE-2006-3603 | 1 Seyeon | 1 Flexwatch Network Camera | 2025-04-03 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL.
| CVE-2006-2415 | 1 Flexchat | 1 Flexchat | 2025-04-03 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) CFTOKEN parameter in (a) index.cfm and (3) CFTOKEN and (4) CFID parameter in (b) chat.cfm.
| CVE-2005-1632 | 1 Tavis Rudd | 1 Cheetah | 2025-04-03 | 7.2 HIGH | N/A |
Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/.
| CVE-2001-0460 | 1 Baltimore Technologies | 1 Websweeper | 2025-04-03 | 5.0 MEDIUM | N/A |
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
| CVE-2005-3657 | 1 Mcafee | 2 Mcinsctl.dll, Virusscan Security Center | 2025-04-03 | 5.0 MEDIUM | N/A |
The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.
| CVE-2002-1666 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL.
| CVE-2006-1817 | 1 The War Forge | 1 Warforge.news | 2025-04-03 | 2.6 LOW | N/A |
SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) authusername and possibly the (2) authpassword cookie.