Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-2575 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 5.0 MEDIUM | N/A | phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message. |
| CVE-2005-1749 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). |
| CVE-2003-1057 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code. |
| CVE-2003-1295 | 2 Redhat, Suse | 2 Enterprise Linux, Suse Linux | 2025-04-03 | 2.1 LOW | N/A | Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password." |
| CVE-2002-0492 | 1 Dcscripts | 1 Dcshop | 2025-04-03 | 5.0 MEDIUM | N/A | dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter. |
| CVE-2006-2068 | 1 Hitachi | 9 Jp1-cm2-network Node Manager, Jp1-cm2-network Node Manager 250, Jpi Automatic Job Management System 2 and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in Hitachi JP1 products allows remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data. |
| CVE-2006-2605 | 1 Dschat | 1 Dschat | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatbox, probably involving the ctext parameter to send.php. |
| CVE-2005-0064 | 1 Xpdf | 1 Xpdf | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value. |
| CVE-2006-0916 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A | Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. |
| CVE-1999-0687 | 4 Cde, Digital, Ibm and 1 more | 5 Cde, Unix, Aix and 2 more | 2025-04-03 | 7.5 HIGH | N/A | The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands. |
| CVE-2004-2367 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro | 2025-04-03 | 5.0 MEDIUM | N/A | The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows remote authenticated users to cause a denial of service (crash) via a long FTP command. |
| CVE-2005-2575 | 1 Xmb Forum | 1 Xmb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable. |
| CVE-2001-0503 | 1 Microsoft | 1 Netmeeting | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability. |
| CVE-2001-0684 | 1 Netscape | 1 Collabra Server | 2025-04-03 | 5.0 MEDIUM | N/A | Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service by sending seven or more characters to TCP port 5239. |
| CVE-2000-0818 | 1 Oracle | 1 Listener | 2025-04-03 | 10.0 HIGH | N/A | The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands. |
| CVE-2005-4827 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attac ... |
| CVE-2005-0869 | 1 Phpsysinfo | 1 Phpsysinfo | 2025-04-03 | 5.0 MEDIUM | N/A | phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message. |
| CVE-2006-4673 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 2.6 LOW | N/A | Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php. |
| CVE-2006-0066 | 1 Phpjournaler | 1 Phpjournaler | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter. |
| CVE-2000-0705 | 1 Luca Deri | 1 Ntop | 2025-04-03 | 5.0 MEDIUM | N/A | ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2005-2186 | 1 Mcafee | 1 Intrushield Security Management System | 2025-04-03 | 1.9 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp. |
| CVE-2006-0984 | 1 Ej3 | 1 Topo | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter. |
| CVE-2006-0295 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A | Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. |
| CVE-2005-3856 | 1 Krusader | 1 Krusader | 2025-04-03 | 4.0 MEDIUM | N/A | The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites. |
| CVE-2004-1530 | 1 Rob Sutton | 1 Php-nuke Event Calendar | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters. |
| CVE-2002-0242 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in Internet Explorer 6 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. |
| CVE-2003-0528 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 10.0 HIGH | N/A | Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715. |
| CVE-2005-4656 | 1 Triggertg | 1 Tclanportal | 2025-04-03 | 5.0 MEDIUM | N/A | SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands, and retrieve all usernames and passwords, via the id parameter. |
| CVE-2001-0936 | 1 Frox | 1 Frox | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with the local caching method selected, allows remote FTP servers to run arbitrary code via a long response to an MDTM request. |
| CVE-2005-4189 | 1 Horde | 1 Kronolith H3 | 2025-04-03 | 3.5 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors. |
| CVE-2005-0999 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter. |
| CVE-2004-2325 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2000-0791 | 1 Trustix | 1 Secure Linux | 2025-04-03 | 4.6 MEDIUM | N/A | Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse. |
| CVE-2006-4139 | 1 Sun | 1 Solaris | 2025-04-03 | 5.4 MEDIUM | N/A | Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries. |
| CVE-2005-2327 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. |
| CVE-2002-2044 | 1 Xqus | 1 X-stat | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action. |
| CVE-2004-2202 | 1 Duware | 1 Duclassified | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allow remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form. |
| CVE-2002-1636 | 1 Oracle | 1 Application Server | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print. |
| CVE-2006-1595 | 1 Claroline | 1 Claroline | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command. |
| CVE-1999-0873 | 1 Sky Communications | 1 Skyfull | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Skyfull mail server via MAIL FROM command. |