Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-0999 | 1 Zgv | 1 Zgv Image Viewer | 2025-04-03 | 2.6 LOW | N/A | zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images. |
| CVE-2004-2479 | 1 National Science Foundation | 1 Squid Web Proxy Cache | 2025-04-03 | 5.0 MEDIUM | N/A | Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages. |
| CVE-2006-1666 | 1 Arab Portal | 1 Arab Portal | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable allows remote attackers to execute arbitrary SQL commands via the mineID parameter. |
| CVE-2000-0411 | 1 Matt Wright | 1 Formmail | 2025-04-03 | 5.0 MEDIUM | N/A | Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter. |
| CVE-2006-3501 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A | Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image. |
| CVE-2000-0264 | 1 Panda | 1 Panda Security | 2025-04-03 | 2.1 LOW | N/A | Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods. |
| CVE-2003-0548 | 2 Gnome, Redhat | 4 Gdm, Enterprise Linux, Kdebase and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A | The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. |
| CVE-2003-0806 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code. |
| CVE-2004-1954 | 1 Phprofession | 1 Phprofession | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter. |
| CVE-2002-0904 | 1 Kismet | 1 Kismet | 2025-04-03 | 7.5 HIGH | N/A | SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument. |
| CVE-2005-4750 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A | BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors. |
| CVE-2003-0841 | 1 Oracle | 1 Peopletools | 2025-04-03 | 5.0 MEDIUM | N/A | The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request. |
| CVE-2001-0263 | 1 Gene6 | 1 G6 Ftp Server | 2025-04-03 | 7.5 HIGH | N/A | Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled. |
| CVE-2004-2624 | 1 Wackowiki | 1 Wackowiki | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter. |
| CVE-2005-3970 | 1 Mxchange | 1 Mxchange | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2004-1043 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A | Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability." |
| CVE-2005-3998 | 1 Solupress | 1 Solupress News | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. |
| CVE-2006-4157 | 1 Yabb | 1 Yabb | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter. |
| CVE-2006-4123 | 1 Boite De News | 1 Boite De News | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter. |
| CVE-2005-3411 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2000 3.4.05 allows remote attackers to inject arbitrary web script or HTML via the type parameter in a Topic method. |
| CVE-2002-0169 | 1 Redhat | 2 Docbook Stylesheets, Docbook Utils | 2025-04-03 | 4.6 MEDIUM | N/A | The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier. |
| CVE-2006-2850 | 1 Php Labware | 1 Labwiki | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter. |
| CVE-2004-1506 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags. |
| CVE-2002-1735 | 1 Davin Mccall | 1 Dlogin | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in dlogin 1.0a could allow local users to gain privileges via unknown attack vectors. |
| CVE-2001-0029 | 1 Igor Khasilev | 1 Oops Proxy Server | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other versions) allows remote attackers to execute arbitrary commands via a long host or domain name that is obtained from a reverse DNS lookup. |
| CVE-2003-1204 | 1 Mambo | 1 Mambo Site Server | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, ( ... |
| CVE-2000-0426 | 1 Ultrascripts | 1 Ultraboard | 2025-04-03 | 5.0 MEDIUM | N/A | UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself. |
| CVE-2002-0772 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a .. (dot dot) in the RootName parameter. |
| CVE-2000-0858 | 1 Microsoft | 2 Internet Information Server, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability. |
| CVE-2001-0051 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 7.5 HIGH | N/A | IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database. |
| CVE-2005-3522 | 1 Adventnet | 1 Manageengine Netflow Analyzer | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter. |
| CVE-2006-2899 | 1 Estsoft | 1 Internetdisk | 2025-04-03 | 6.5 MEDIUM | N/A | Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory. |
| CVE-2006-0078 | 1 Haddad Said | 1 B-net Software | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php. |
| CVE-2004-1487 | 1 Gnu | 1 Wget | 2025-04-03 | 5.0 MEDIUM | N/A | wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. |
| CVE-2005-1810 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php. |
| CVE-2005-2641 | 1 Padl Software | 1 Pam Ldap | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate. |
| CVE-2005-4513 | 1 Wandsoft | 1 E-search | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keywords parameter. |
| CVE-2005-1410 | 2 Postgresql, Trustix | 2 Postgresql, Secure Linux | 2025-04-03 | 2.1 LOW | N/A | The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments. |
| CVE-2002-2111 | 1 Gianni Tedesco | 1 Fwmon | 2025-04-03 | 5.0 MEDIUM | N/A | Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet. |
| CVE-2006-0654 | 1 Hinton Design | 1 Phpht Topsites | 2025-04-03 | 7.5 HIGH | N/A | check.php in Hinton Design phpht Topsites 1.3 does not validate passwords when using cookies, which allows remote attackers to bypass authentication via unspecified cookies. |