Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-2732 | 1 Mini-nuke | 1 Mini-nuke | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters. |
| CVE-2005-4780 | 1 Fidra Software | 1 Lighthouse Cms | 2025-04-03 | 4.3 MEDIUM | 3.7 LOW | Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a te ... |
| CVE-2000-0635 | 1 Akopia | 1 Minivend | 2025-04-03 | 7.5 HIGH | N/A | The view_page.html sample page in the MiniVend shopping cart program allows remote attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2005-0759 | 2 Imagemagick, Sgi | 2 Imagemagick, Propack | 2025-04-03 | 5.0 MEDIUM | N/A | ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag. |
| CVE-2006-3026 | 1 Clicktech | 1 Clickgallery | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in gallery.asp and (2) parentcurrentpage parameter in view_gallery.asp. |
| CVE-2005-0331 | 1 Rarlab | 1 Winrar | 2025-04-03 | 2.6 LOW | N/A | Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file. |
| CVE-2004-0370 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A | The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic. |
| CVE-2006-2527 | 1 Smartisoft | 1 Phpbazar | 2025-04-03 | 7.5 HIGH | N/A | Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1. |
| CVE-2005-1266 | 1 Apache | 1 Spamassassin | 2025-04-03 | 5.0 MEDIUM | N/A | Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries. |
| CVE-2004-0129 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter. |
| CVE-2005-1727 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 3.7 LOW | N/A | Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions." |
| CVE-2006-0331 | 1 Thiago Melo De Paula | 1 Change Passwd | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. |
| CVE-2005-2732 | 1 Awstats | 1 Awstats | 2025-04-03 | 5.0 MEDIUM | N/A | AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message. |
| CVE-2004-1551 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter. |
| CVE-2006-4084 | 1 David Walker | 1 Phpautomembersarea | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical." |
| CVE-1999-0042 | 5 Bsdi, Caldera, Ibm and 2 more | 6 Bsd Os, Openlinux, Aix and 3 more | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in University of Washington's implementation of IMAP and POP servers. |
| CVE-2005-3090 | 1 Mantis | 1 Mantis | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557. |
| CVE-2004-0035 | 1 Phorum | 1 Phorum | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. |
| CVE-2005-0296 | 1 Novell | 2 Groupwise, Groupwise Webaccess | 2025-04-03 | 5.0 MEDIUM | N/A | NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue |
| CVE-2001-1495 | 1 Freshmeat | 2 Network Query Tool, Network Query Tool Phpnuke | 2025-04-03 | 7.5 HIGH | N/A | network_query.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter. |
| CVE-2004-1824 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php. |
| CVE-2001-1157 | 1 Baltimore Technologies | 1 Websweeper | 2025-04-03 | 7.5 HIGH | N/A | Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode. |
| CVE-2004-1525 | 1 New Media Generation | 1 Hired Team Trial | 2025-04-03 | 5.0 MEDIUM | N/A | Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via the status command. |
| CVE-1999-1135 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438. |
| CVE-2005-2126 | 1 Microsoft | 4 Ie, Windows 2000, Windows 2003 Server and 1 more | 2025-04-03 | 2.6 LOW | N/A | The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. |
| CVE-1999-0125 | 3 Redhat, Sgi, Sun | 4 Linux, Irix, Solaris and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in SGI IRIX mailx program. |
| CVE-2006-4982 | 1 Cisco | 1 Network Access Control | 2025-04-03 | 4.6 MEDIUM | N/A | Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer. |
| CVE-2002-1799 | 1 Phprank | 1 Phprank | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) email parameter to add.php or (2) banurl parameter. |
| CVE-2001-1311 | 1 Ibm | 1 Lotus Domino R5 | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
| CVE-2006-4718 | 1 Korviblog | 1 Korviblog | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters. |
| CVE-2002-2059 | 1 Intel | 4 D845bg Motherboard, D845hv Motherboard, D845pt Motherboard and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A | BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not properly restrict access to configuration information when BIOS passwords are enabled, which could allow local users to change the default boot device via the F8 key. |
| CVE-2005-3790 | 1 Phpwcms | 1 Phpwcms | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters. |
| CVE-2004-0593 | 1 Sygate Technologies | 2 Enforcer, Secure Enterprise | 2025-04-03 | 7.5 HIGH | N/A | Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before authentication, which could allow remote attackers to bypass filtering rules. |
| CVE-1999-0019 | 7 Data General, Ibm, Ncr and 4 more | 10 Dg Ux, Aix, Mp-ras and 7 more | 2025-04-03 | 5.0 MEDIUM | N/A | Delete or create a file via rpc.statd, due to invalid information. |
| CVE-2000-1099 | 1 Sun | 1 Jdk | 2025-04-03 | 5.1 MEDIUM | N/A | Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities. |
| CVE-2003-1108 | 1 Alcatel-lucent | 1 Omnipcx | 2025-04-03 | 5.0 MEDIUM | N/A | The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
| CVE-2005-1343 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A | Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument. |
| CVE-1999-0482 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A | OpenBSD kernel crash through TSS handling, as caused by the crashme program. |
| CVE-2004-1505 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show parameter. |
| CVE-2004-0316 | 1 Avirt | 1 Avirt Soho | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a denial of service (crash) via (1) a large GET request to port 1080 or (2) a large GET request of % characters to port 8080. |