Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1913 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter.
|
|||||
| CVE-2002-1805 | 1 Dacode | 1 Dacode | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
|
|||||
| CVE-2003-0241 | 1 Frontrange | 1 Goldmine | 2025-04-03 | 7.5 HIGH | N/A |
|
FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone.
|
|||||
| CVE-2006-1161 | 1 Efs Software | 1 Efs Web Server | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder.
|
|||||
| CVE-2005-0697 | 1 Brt | 1 Copperexport | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the process_picture function xp_publish.php in CopperExport 0.2.1 allows remote attackers to execute arbitrary SQL commands, possibly via the (1) title, (2) caption, or (3) keywords parameters.
|
|||||
| CVE-2002-0490 | 1 Instant Web Mail | 1 Instant Web Mail | 2025-04-03 | 10.0 HIGH | N/A |
|
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
|
|||||
| CVE-2006-2965 | 1 Particle Soft | 1 Particle Whois | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box."
|
|||||
| CVE-2005-0001 | 3 Linux, Redhat, Trustix | 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-03 | 6.9 MEDIUM | N/A |
|
Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.
|
|||||
| CVE-2005-2367 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.
|
|||||
| CVE-2006-0694 | 1 Ansilove | 1 Ansilove | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webserver".
|
|||||
| CVE-2005-2761 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message.
|
|||||
| CVE-2000-0690 | 1 Cgi Script Center | 1 Auction Weaver | 2025-04-03 | 10.0 HIGH | N/A |
|
Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
|
|||||
| CVE-2004-0344 | 1 Yabb | 1 Yabb | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.
|
|||||
| CVE-2005-3050 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message.
|
|||||
| CVE-2001-0028 | 1 Igor Khasilev | 1 Oops Proxy Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.
|
|||||
| CVE-2005-2044 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parame ...
Show More |
|||||
| CVE-2006-4465 | 1 Microsoft | 1 Terminal Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code
|
|||||
| CVE-2001-0298 | 1 Sapio Design Ltd | 1 Webreflex | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
|
|||||
| CVE-2000-1092 | 1 Alex Heiphetz Group | 1 Ezshopper | 2025-04-03 | 5.0 MEDIUM | N/A |
|
loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.
|
|||||
| CVE-2005-4095 | 1 Docebolms | 1 Docebolms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.
|
|||||
| CVE-2003-1232 | 1 Gnu | 1 Emacs | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
|
|||||
| CVE-2003-0444 | 1 Gtksee | 1 Gtksee | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths.
|
|||||
| CVE-1999-0041 | 5 Cray, Gnu, Ibm and 2 more | 6 Unicos, Unicos Max, Libc and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in NLS (Natural Language Service).
|
|||||
| CVE-2005-2060 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter.
|
|||||
| CVE-2004-1353 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.
|
|||||
| CVE-1999-0493 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.
|
|||||
| CVE-2001-0642 | 1 Incredimail | 1 Incredimail | 2025-04-03 | 2.1 LOW | N/A |
|
Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file.
|
|||||
| CVE-2001-0247 | 5 Freebsd, Mit, Netbsd and 2 more | 5 Freebsd, Kerberos 5, Netbsd and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
|
|||||
| CVE-2006-0339 | 1 Bitcomet | 1 Bitcomet | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in BitComet Client 0.60 allows remote attackers to execute arbitrary code, when the publisher's name link is clicked, via a long publisher URI in a torrent file.
|
|||||
| CVE-2001-1512 | 1 Macromedia | 1 Jrun | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050.
|
|||||
| CVE-2002-0150 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
|
|||||
| CVE-2006-4316 | 1 Ssh | 1 Tectia Manager | 2025-04-03 | 7.2 HIGH | N/A |
|
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges.
|
|||||
| CVE-2004-2348 | 1 Sybari | 1 Antigen | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to cause a denial of service (hang) via an encrypted ZIP file with the "include full path info" option set, as used by certain variants of the Beagle/Bagle worm.
|
|||||
| CVE-2005-1933 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
|
Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arbitrary commands by overriding the behavior of system widgets via a user widget with the same bundle identifier (CFBundleIdentifier), a different vulnerability than CVE-2005-1474.
|
|||||
| CVE-2006-1361 | 1 Oswiki | 1 Oswiki | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml.
|
|||||
| CVE-2006-0886 | 1 Dev | 1 Dev Web Management System | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-1999-1209 | 1 Sco | 2 Open Desktop, Openserver | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.
|
|||||
| CVE-2005-2108 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
|
|||||
| CVE-2006-1012 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.
|
|||||
| CVE-2006-0863 | 1 Infovista | 1 Portalse | 2025-04-03 | 5.0 MEDIUM | N/A |
|
InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attackers to obtain sensitive information by specifying a nonexistent server in the server field, which reveals the path in an error message.
|
|||||