Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-0129 | 1 Rockliffe | 1 Mailsite | 2025-04-03 | 5.0 MEDIUM | N/A | Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106. |
| CVE-2005-3924 | 1 Randshop | 1 Randshop | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters. |
| CVE-2005-3642 | 1 Ibm | 1 Informix Dynamic Database Server | 2025-04-03 | 7.5 HIGH | N/A | IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username. |
| CVE-2001-1195 | 1 Novell | 1 Groupwise | 2025-04-03 | 7.5 HIGH | N/A | Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges. |
| CVE-2005-1002 | 1 Logics Software | 1 Log-ft | 2025-04-03 | 5.0 MEDIUM | N/A | logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters. |
| CVE-2006-2404 | 1 Radscripts | 1 Radlance | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in popup.php in RadScripts RadLance Gold 7.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter. |
| CVE-2002-0014 | 1 University Of Washington | 1 Pine | 2025-04-03 | 7.5 HIGH | N/A | URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&). |
| CVE-2005-4361 | 1 Magnolia | 1 Content Management Suite | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| CVE-1999-0152 | 1 Data General | 1 Dg Ux | 2025-04-03 | 7.5 HIGH | N/A | The DG/UX finger daemon allows remote command execution through shell metacharacters. |
| CVE-2000-0884 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A | IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. |
| CVE-2002-1363 | 1 Greg Roelofs | 1 Libpng | 2025-04-03 | 7.5 HIGH | N/A | Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers. |
| CVE-2003-1049 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 4.6 MEDIUM | N/A | IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. |
| CVE-2006-4502 | 1 Ztml | 1 Ezportal Ztml Cms | 2025-04-03 | 7.5 HIGH | N/A | ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script. |
| CVE-2005-3852 | 1 Onlinetechtools.com | 1 Owos Lite | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. |
| CVE-1999-0124 | 1 University Of Minnesota | 1 Gopherd | 2025-04-03 | 10.0 HIGH | N/A | Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon. |
| CVE-2000-0294 | 1 Jim Housley | 1 Healthd | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in healthd for FreeBSD allows local users to gain root privileges. |
| CVE-2006-2144 | 1 Dmcounter | 1 Dmcounter | 2025-04-03 | 6.4 MEDIUM | N/A | PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2-b allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter. |
| CVE-2006-1063 | 1 Lurker | 1 Lurker | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox". |
| CVE-2004-1691 | 1 Rhinosoft | 1 Dns4me | 2025-04-03 | 5.0 MEDIUM | N/A | The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data. |
| CVE-2004-1915 | 1 Lcdproc | 1 Lcdproc | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments. |
| CVE-2002-2193 | 1 Mojo Mail | 1 Mojo Mail | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 allows remote attackers to inject arbitrary web script via the email parameter. |
| CVE-2003-0602 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs. |
| CVE-2005-1429 | 1 Abczone.it | 1 Wwwguestbook | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| CVE-2004-0331 | 1 Dell | 1 Openmanage | 2025-04-03 | 5.0 MEDIUM | N/A | Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable. |
| CVE-2006-0768 | 1 Kadu | 1 Kadu | 2025-04-03 | 5.0 MEDIUM | N/A | Kadu 0.4.3 allows remote attackers to cause a denial of service (application crash) via a large number of image send requests. |
| CVE-2006-3763 | 1 Dieselscripts | 1 Diesel Joke Site | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2000-0743 | 1 University Of Minnesota | 1 Gopherd | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value. |
| CVE-2000-0454 | 1 Mandrakesoft | 1 Mandrake Linux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter. |
| CVE-2002-2313 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 8.8 HIGH | N/A | Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer. |
| CVE-2005-3769 | 1 Php Download Manager | 1 Php Download Manager | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2002-1762 | 1 Microsoft | 1 Baseline Security Analyzer | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java. |
| CVE-2005-2502 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file. |
| CVE-2001-0223 | 1 Spawar.navy.mil | 1 Wwwwais.25.c | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in wwwwais allows remote attackers to execute arbitrary commands via a long QUERY_STRING (HTTP GET request). |
| CVE-2002-1843 | 1 Perlbot | 1 Perlbot | 2025-04-03 | 7.5 HIGH | N/A | Perlbot 1.9.2 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $text variable in SpelCheck.pm or (2) the $filename variable in HTMLPlog.pm. |
| CVE-2006-1775 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603. |
| CVE-2002-1626 | 1 Mike Spice | 1 My Calendar | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Mike Spice My Calendar before 1.5 allows remote attackers to write arbitrary files via .. (dot dot) sequences in a URL. |
| CVE-2004-1625 | 1 Pgina | 1 Pgina | 2025-04-03 | 5.0 MEDIUM | N/A | pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown. |
| CVE-2006-3538 | 1 Beatificfaith | 1 Eprayer | 2025-04-03 | 5.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in demo.php in BeatificFaith Eprayer Alpha allow remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the (1) "Your name" field and (2) "Enter Prayer Request here" field. |
| CVE-2006-3441 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, ... |
| CVE-2000-0832 | 1 Oscar Nierstrasz | 1 Htgrep | 2025-04-03 | 5.0 MEDIUM | N/A | Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter. |