Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0624 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
| CVE-2004-2033 | 1 Orenosv | 1 Orenosv Http Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
| CVE-2006-4447 | 1 X.org | 9 Emu-linux-x87-xlibs, X11r6, X11r7 and 6 more | 2025-04-03 | 7.2 HIGH | N/A |
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
| CVE-2001-0938 | 1 Persits | 1 Aspupload | 2025-04-03 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp.
| CVE-2005-2066 | 1 Asp-nuke | 1 Asp-nuke | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter.
| CVE-2005-4379 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; the (3) blog_id parameter to (e) blogs/view.php; and the (4) search field to (f) users/my_groups.php.
| CVE-2003-0669 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 1.2 LOW | N/A |
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
| CVE-2004-0491 | 1 Redhat | 1 Enterprise Linux | 2025-04-03 | 2.1 LOW | N/A |
The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
| CVE-2006-4104 | 1 Mojoscripts | 1 Mojogallery | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via "password input."
| CVE-1999-0729 | 1 Ibm | 1 Lotus Domino Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.
| CVE-2005-0295 | 1 Inca | 1 Nprotect Gameguard | 2025-04-03 | 4.6 MEDIUM | N/A |
npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges.
| CVE-2005-3865 | 1 Scripts-templates | 1 Allweb Search | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter.
| CVE-2006-3851 | 1 X7 Group | 1 X7 Chat | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter.
| CVE-2003-1259 | 1 Globalscape | 1 Cuteftp | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
| CVE-2005-4472 | 1 Macromedia | 1 Jrun | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters.
| CVE-2006-0713 | 1 Linpha | 1 Linpha | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, whic ...
| CVE-2006-0862 | 1 Infovista | 1 Portalse | 2025-04-03 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL.
| CVE-2002-0467 | 2 Ecartis, Listar | 2 Ecartis, Listar | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allow remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.
| CVE-2006-1849 | 1 Skymarx Solutions | 1 Xflow | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in members_only/index.cgi in xFlow 5.46.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) position and (2) id parameters.
| CVE-2002-2085 | 1 Wwwebbb | 1 Wwwebbb Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
| CVE-2005-0691 | 1 Socialmpn | 1 Socialmpn | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.
| CVE-2004-2195 | 1 Zanfi Solutions | 1 Zanfi Cms Lite | 2025-04-03 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter.
| CVE-2006-0673 | 1 Reamday Enterprises | 1 Magic Calendar Lite | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password parameters.
| CVE-2006-3025 | 1 Lucid Designs | 1 Lucid Calendar | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
| CVE-2005-0145 | 1 Mozilla | 1 Firefox | 2025-04-03 | 2.6 LOW | N/A |
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.
| CVE-1999-1471 | 1 Bsd | 1 Bsd | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field.
| CVE-2005-4080 | 1 Horde | 1 Imp | 2025-04-03 | 4.3 MEDIUM | N/A |
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
| CVE-2005-1374 | 1 Claroline | 1 Claroline | 2025-04-03 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.
| CVE-2002-0714 | 1 Squid | 1 Squid | 2025-04-03 | 7.5 HIGH | N/A |
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
| CVE-2005-4301 | 1 Phpxplorer | 1 Phpxplorer | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the address bar field.
| CVE-2000-0939 | 1 Samba | 1 Samba | 2025-04-03 | 5.0 MEDIUM | N/A |
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart.
| CVE-2001-1006 | 1 Starfish | 1 Truesync Desktop | 2025-04-03 | 5.0 MEDIUM | N/A |
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application.
| CVE-2006-0402 | 1 Jason Geiger | 1 Zoph | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands.
| CVE-2002-1361 | 1 Sun | 1 Cobalt Raq 4 | 2025-04-03 | 10.0 HIGH | N/A |
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.
| CVE-2001-0419 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.
| CVE-2005-3440 | 1 Oracle | 1 Database Server | 2025-04-03 | 10.0 HIGH | N/A |
Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB08.
| CVE-2005-2542 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 5.0 MEDIUM | N/A |
Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.
| CVE-2006-3541 | 1 Kyberna | 1 Ky2help | 2025-04-03 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ky2help allows remote authenticated users to execute arbitrary SQL commands via unspecified "textboxes."
| CVE-1999-0961 | 1 Hp | 1 Hp-ux | 2025-04-03 | 6.2 MEDIUM | N/A |
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
| CVE-2001-0971 | 1 Aci | 1 4d Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request.