Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0971 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.
|
|||||
| CVE-2002-1505 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.
|
|||||
| CVE-2005-0407 | 1 Zakon Group | 1 Openconf | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibly other versions before 1.10, allows remote attackers to inject arbitrary HTML and web script via the paper title.
|
|||||
| CVE-2005-2334 | 1 Y.sak | 1 Y.sak | 2025-04-03 | 10.0 HIGH | N/A |
|
Y.SAK allows remote attackers to execute arbitrary commands via shell metacharacters in the $no variable to (1) w_s3mbfm.cgi, (2) w_s3adix.cgi, or (3) w_s3sbfm.cgi.
|
|||||
| CVE-2006-3243 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.
|
|||||
| CVE-2000-0899 | 1 Max Feoktistov | 1 Small Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the server and sending out multiple GET, HEAD, or POST requests and closing the connection before the server responds to the requests.
|
|||||
| CVE-2001-1374 | 3 Conectiva, Don Libes, Redhat | 3 Linux, Expect, Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
|
|||||
| CVE-2006-1654 | 1 Hp | 9 Color Laserjet, Color Laserjet 2500, Color Laserjet 2500 Toolbox and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
|
|||||
| CVE-2003-1210 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
|
|||||
| CVE-2002-1050 | 1 Hylafax | 1 Hylafax | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data.
|
|||||
| CVE-2004-1822 | 1 Phorum | 1 Phorum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.
|
|||||
| CVE-2006-2609 | 1 Artmedic Webdesign | 1 Artmedic Newsletter | 2025-04-03 | 5.1 MEDIUM | N/A |
|
artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-2540 | 1 Dieselscripts | 1 Diesel Job Site | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
|
|||||
| CVE-2001-0209 | 1 Shoutcast | 1 Dnas | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) 1.7.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long description.
|
|||||
| CVE-2005-3574 | 1 Icms Content Management Systems | 1 Icms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter.
|
|||||
| CVE-1999-1053 | 2 Apache, Matt Wright | 2 Http Server, Matt Wright Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
|
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
|
|||||
| CVE-2005-3814 | 1 Orbitscripts | 1 Smartppc Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro allow remote attackers to inject arbitrary web script or HTML via the username parameter in (1) directory.php, (2) frames.php, and (3) search.php.
|
|||||
| CVE-2003-0732 | 1 Cisco | 4 Ciscoworks Cd1, Ciscoworks Common Management Foundation, Resource Manager and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.
|
|||||
| CVE-2005-4339 | 1 Blackboard | 1 Academic Suite | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page.
|
|||||
| CVE-2004-1493 | 1 Quicksilver | 1 Master Of Orion Iii | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (server crash) via multiple connections with long nicknames, possibly triggering a buffer overflow.
|
|||||
| CVE-2005-3685 | 1 Virtual Programming | 1 Vp-asp | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
|
|||||
| CVE-2005-2388 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 95 and 4 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.
|
|||||
| CVE-2002-0457 | 1 Bg Guestbook | 1 Bg Guestbook | 2025-04-03 | 7.6 HIGH | N/A |
|
Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message.
|
|||||
| CVE-2002-0078 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.
|
|||||
| CVE-2004-2648 | 1 Faronics | 1 Freezex | 2025-04-03 | 1.0 LOW | N/A |
|
FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file.
|
|||||
| CVE-2005-3446 | 1 Oracle | 2 Application Server, Database Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 and AS06.
|
|||||
| CVE-1999-1430 | 1 Royal | 1 Davinci | 2025-04-03 | 2.1 LOW | N/A |
|
PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as Access.
|
|||||
| CVE-2004-0042 | 1 Beasts | 1 Vsftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.
|
|||||
| CVE-2003-0705 | 1 Nicolas Boullis | 1 Mah-jong | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2001-1101 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2006-4794 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2006-4523 | 1 2wire Inc | 2 Homeportal, Officeportal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request.
|
|||||
| CVE-2004-2344 | 1 Vocaltec | 2 Vgw120 Telephony Gateway, Vgw480 Telephony Gateway | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec VGW120 and VGW480 allows remote attackers to cause a denial of service.
|
|||||
| CVE-2001-0876 | 1 Microsoft | 4 Windows 98, Windows 98se, Windows Me and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.
|
|||||
| CVE-2003-0492 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter.
|
|||||
| CVE-2006-1696 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
|
|||||
| CVE-1999-1323 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE.
|
|||||
| CVE-2006-4334 | 1 Gzip | 1 Gzip | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
|
|||||
| CVE-2005-1784 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 7.5 HIGH | N/A |
|
Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp.
|
|||||
| CVE-2005-4753 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection.
|
|||||