Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-1838 | 1 Xweb | 1 Xweb | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in xweb 1.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the URL. |
| CVE-2006-1511 | 1 Microsoft | 1 .net Framework | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name. |
| CVE-2006-2036 | 1 Iopus | 1 Secure Email Attachments | 2025-04-03 | 2.1 LOW | N/A | iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring. |
| CVE-2005-0393 | 1 Crip | 1 Crip | 2025-04-03 | 7.2 HIGH | N/A | The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors. |
| CVE-2006-2715 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2025-04-03 | 7.5 HIGH | N/A | The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console. |
| CVE-2006-2795 | 1 Xiti | 1 Xiti Tracking Script | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2004-2241 | 1 Phorum | 1 Phorum | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch. |
| CVE-2006-3369 | 1 Iduprey | 1 Kamikaze-qscm | 2025-04-03 | 5.0 MEDIUM | N/A | Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. |
| CVE-2003-0995 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request. |
| CVE-2004-2498 | 1 Hitachi | 2 Web Page Generator, Web Page Generator Enterprise | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors. |
| CVE-2006-4360 | 1 Drupal | 1 Drupal E-commerce Module | 2025-04-03 | 3.5 LOW | N/A | Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2006-3971 | 1 Scott Weedon | 1 Ajax Chat | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter. |
| CVE-2006-2014 | 1 Web-provence | 1 Sl Site | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS from an error message. |
| CVE-2000-1048 | 1 Qbik | 1 Wingate | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL. |
| CVE-2002-2043 | 1 Cyrus | 1 Sasl | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password. |
| CVE-2006-0714 | 1 Flyspray | 1 Flyspray | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter. |
| CVE-2002-1294 | 1 Microsoft | 1 Java Virtual Machine | 2025-04-03 | 7.5 HIGH | N/A | The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods. |
| CVE-2005-4310 | 1 Ssh | 1 Tectia Server | 2025-04-03 | 7.5 HIGH | N/A | SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials. |
| CVE-2005-1838 | 1 Liberum | 1 Liberum Help Desk | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple cross-site scripting vulnerabilities in castnewPost.asp in Liberum Help Desk 0.97.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Email, (2) Title, or (3) Description fields. |
| CVE-1999-1163 | 1 Hp | 1 9000 | 2025-04-03 | 7.5 HIGH | N/A | Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation. |
| CVE-1999-1407 | 1 Redhat | 1 Linux | 2025-04-03 | 2.1 LOW | N/A | ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file. |
| CVE-1999-1264 | 1 Ramp Networks | 1 Webramp | 2025-04-03 | 7.5 HIGH | N/A | WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been explicitly disabled. |
| CVE-2006-4321 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| CVE-2003-0464 | 1 Redhat | 1 Linux | 2025-04-03 | 4.6 MEDIUM | N/A | The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd. |
| CVE-1999-1522 | 1 Roxen | 1 Roxen Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML. |
| CVE-2006-1990 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A | Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. |
| CVE-2006-1026 | 1 Jfacets | 1 Jfacets | 2025-04-03 | 7.5 HIGH | N/A | JFacets before 0.2 allows remote attackers to gain privileges as any account via a GET request with a modified account profileID. |
| CVE-2004-0960 | 2 Freeradius, Redhat | 3 Freeradius, Enterprise Linux, Fedora Core | 2025-04-03 | 5.0 MEDIUM | N/A | FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. |
| CVE-2006-1710 | 1 Design Nation | 1 Dnguestbook | 2025-04-03 | 7.6 HIGH | N/A | SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. |
| CVE-2006-3368 | 1 Efone | 1 Efone | 2025-04-03 | 5.0 MEDIUM | N/A | Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. |
| CVE-2006-0507 | 1 Easy Cms | 1 Easy Cms | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow remote attackers to inject arbitrary web script or HTML via (1) unknown attack vectors in the administrative interface and (2) input fields of the contact form. |
| CVE-2001-0339 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability." |
| CVE-2001-1433 | 1 Cherokee | 1 Cherokee Httpd | 2025-04-03 | 7.5 HIGH | N/A | Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities. |
| CVE-2006-4047 | 1 Netious Cms | 1 Netious Cms | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2004-1818 | 1 Warpspeed | 1 4nalbum Module | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter. |
| CVE-2006-3849 | 1 Pumpkin Studios | 2 Warzone, Warzone Resurrection | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c. |
| CVE-2005-2468 | 1 Mysql | 1 Eventum | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php. |
| CVE-2005-1304 | 1 Citat.pl | 1 Citat.pl | 2025-04-03 | 7.5 HIGH | N/A | The citat.pl script allows remote attackers to execute arbitrary files via shell metacharacters in the argument. |
| CVE-2004-2390 | 1 Jabberstudio | 1 Jabber Gadu-gadu Transport | 2025-04-03 | 5.0 MEDIUM | N/A | The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8, when using libgadu 1.0 and later, allows attackers to cause a denial of service via unknown vectors. |
| CVE-2001-0203 | 1 Watchguard | 1 Firebox Ii | 2025-04-03 | 10.0 HIGH | N/A | Watchguard Firebox II firewall allows users with read-only access to gain read-write access, and administrative privileges, by accessing a file that contains hashed passphrases, and using the hashes during authentication. |