Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3431 | 1 Rockliffe | 1 Mailsite Express | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition.
|
|||||
| CVE-2006-3394 | 1 Bxcp | 1 Bxcp | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action.
|
|||||
| CVE-2005-2227 | 1 Softiacom | 1 Wmailserver | 2025-04-03 | 7.2 HIGH | N/A |
|
Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allows local users to gain administrator privileges.
|
|||||
| CVE-2003-0788 | 1 Easy Software Products | 1 Cups | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).
|
|||||
| CVE-2000-0053 | 1 Microsoft | 1 Commercial Internet System | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.
|
|||||
| CVE-2005-0075 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.
|
|||||
| CVE-2006-1580 | 1 Websina | 1 Bugzero | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 and other versions allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in query.jsp and (2) entryId parameter in edit.jsp.
|
|||||
| CVE-2005-4767 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.
|
|||||
| CVE-2005-0246 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.
|
|||||
| CVE-2000-0111 | 1 Avt | 1 Rightfax | 2025-04-03 | 7.5 HIGH | N/A |
|
The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions.
|
|||||
| CVE-2006-1324 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.
|
|||||
| CVE-2006-1232 | 1 Dsportal | 1 Dsdownload | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php.
|
|||||
| CVE-2001-0973 | 1 Fraunhofer Fit | 1 Bscw | 2025-04-03 | 6.4 MEDIUM | N/A |
|
BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.
|
|||||
| CVE-2001-0779 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
|
|||||
| CVE-2000-0302 | 1 Microsoft | 1 Index Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.
|
|||||
| CVE-2005-4677 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php.
|
|||||
| CVE-2000-0784 | 1 Rapidstream | 1 Rapidstream | 2025-04-03 | 10.0 HIGH | N/A |
|
sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh.
|
|||||
| CVE-2001-1396 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 3.6 LOW | N/A |
|
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
|
|||||
| CVE-2006-4484 | 1 Php | 1 Php | 2025-04-03 | 2.6 LOW | N/A |
|
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
|
|||||
| CVE-2006-4426 | 1 Albert | 1 Albert-easysite | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.
|
|||||
| CVE-1999-1044 | 1 Digital | 1 Unix | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges.
|
|||||
| CVE-2000-0994 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.
|
|||||
| CVE-2006-3034 | 1 Myscrapbook | 1 Myscrapbook | 2025-04-03 | 5.0 MEDIUM | N/A |
|
MyScrapbook 3.1 allows remote attackers to obtain sensitive information via a direct request to files in the txt-db-api directory such as txt-db-api/sql.php, which reveals the path in an error message.
|
|||||
| CVE-2001-0469 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.
|
|||||
| CVE-2004-2036 | 1 Jportal | 1 Jportal Web Portal | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2005-0284 | 1 Woltlab | 1 Burning Book | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter.
|
|||||
| CVE-2006-3063 | 1 Myphp Guestbook | 1 Myphp Guestbook | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.p ...
Show More |
|||||
| CVE-2001-0478 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
|
|||||
| CVE-2005-4663 | 1 Ocomon | 1 Ocomon | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
|
|||||
| CVE-2001-0403 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI.
|
|||||
| CVE-2006-3320 | 1 Sitebar | 1 Sitebar | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.
|
|||||
| CVE-2006-3253 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer.
|
|||||
| CVE-2004-0595 | 4 Avaya, Php, Redhat and 1 more | 8 Converged Communications Server, Integrated Management, S8300 and 5 more | 2025-04-03 | 6.8 MEDIUM | N/A |
|
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
|
|||||
| CVE-2006-0515 | 1 Cisco | 4 Adaptive Security Appliance Software, Firewall Services Module, Pix Firewall and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.
|
|||||
| CVE-2002-0480 | 1 Iss | 1 Realsecure Nokia | 2025-04-03 | 10.0 HIGH | N/A |
|
ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation.
|
|||||
| CVE-2003-1074 | 1 Sun | 1 Solaris | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges.
|
|||||
| CVE-2000-0871 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server.
|
|||||
| CVE-2006-3029 | 1 Clicktech | 1 Clickcart | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in default.asp in ClickTech Clickcart 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
|
|||||
| CVE-2002-1190 | 1 Cisco | 1 Unity Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls.
|
|||||
| CVE-2006-1493 | 1 Nikolay Avrionov | 1 Explorer Xp | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP allows remote attackers to inject arbitrary web script or HTML via the chemin parameter. NOTE: it is possible that this issue is resultant from CVE-2006-1492.
|
|||||