Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-0338 | 1 Wsmp3 | 2 Wsmp3 Daemon, Wsmp3 Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allows remote attackers to read and execute arbitrary files via .. (dot dot) sequences in HTTP GET or POST requests. |
| CVE-2002-0558 | 1 Typsoft | 1 Typsoft Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters. |
| CVE-2000-0266 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A | Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL. |
| CVE-2002-1447 | 1 Cisco | 1 Vpn Client | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. |
| CVE-2003-0785 | 1 Brian Bassett | 1 Ipmasq | 2025-04-03 | 7.5 HIGH | N/A | ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering. |
| CVE-2005-4698 | 1 Tellme | 1 Tellme | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) q_IP (IP) or (2) q_Host (HOST) parameters. |
| CVE-2000-0869 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A | The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. |
| CVE-2005-3428 | 1 Rockliffe | 1 Mailsite Express | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body. |
| CVE-2006-0832 | 1 Wpc.easy | 1 Wpc.easy | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameter. |
| CVE-1999-1216 | 1 Cisco | 1 Router | 2025-04-03 | 7.5 HIGH | N/A | Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command. |
| CVE-2005-3112 | 1 Macromedia | 1 Breeze | 2025-04-03 | 2.1 LOW | N/A | The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords. |
| CVE-2000-0578 | 1 Sgi | 1 Mipspro Compilers | 2025-04-03 | 3.7 LOW | N/A | SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user. |
| CVE-1999-0882 | 1 Falcon | 1 Falcon Web Server | 2025-04-03 | 5.0 MEDIUM | N/A | Falcon web server allows remote attackers to determine the absolute path of the web root via long file names. |
| CVE-1999-0503 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.2 HIGH | N/A | A Windows NT local user or administrator account has a guessable password. |
| CVE-2005-4086 | 1 Sugarcrm | 1 Sugar Suite | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter. |
| CVE-2005-4062 | 1 Xcent | 1 Xcclassified | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameters. |
| CVE-2005-2274 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A | Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." |
| CVE-2000-0949 | 2 Lbl, Sun | 2 Lbl Traceroute, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option. |
| CVE-2005-0883 | 1 Digitalhive | 1 Digitalhive | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in base.php for DigitalHive 2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the mt parameter to the membres.php page or (2) the -afs-1- query string to the msg.php page. |
| CVE-2004-1955 | 1 Phprofession | 1 Phprofession | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter. |
| CVE-2006-0197 | 1 X.org | 1 X.org | 2025-04-03 | 5.0 MEDIUM | N/A | The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks. |
| CVE-2006-1131 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter. |
| CVE-2005-3576 | 1 Walla Telesite | 1 Walla Telesite | 2025-04-03 | 5.0 MEDIUM | N/A | ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter. |
| CVE-2005-1383 | 1 Oracle | 1 Application Server | 2025-04-03 | 7.5 HIGH | N/A | The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778. |
| CVE-2006-1912 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 5.8 MEDIUM | N/A | MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks. |
| CVE-2006-4294 | 1 Twiki | 1 Twiki | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
| CVE-2004-1004 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2025-04-03 | 7.5 HIGH | N/A | Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. |
| CVE-2006-2942 | 1 Twiki | 1 Twiki | 2025-04-03 | 5.1 MEDIUM | N/A | TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup. |
| CVE-2002-1756 | 1 Acd Systems | 1 Acdsee | 2025-04-03 | 5.0 MEDIUM | N/A | ACDSee 4.0 allows remote attackers to cause a denial of service (crash) via an .ais file with a long file description field, which is not properly handled when the file properties of the file are viewed. |
| CVE-2001-0922 | 1 Sun | 1 Netdynamics | 2025-04-03 | 7.5 HIGH | N/A | ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in. |
| CVE-2001-0412 | 1 Cisco | 3 Content Services Switch 11050, Content Services Switch 11150, Content Services Switch 11800 | 2025-04-03 | 7.2 HIGH | N/A | Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. |
| CVE-2002-1320 | 1 University Of Washington | 1 Pine | 2025-04-03 | 5.0 MEDIUM | N/A | Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks ("). |
| CVE-2002-2086 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag. |
| CVE-2005-4609 | 1 Incogen | 1 Bugport | 2025-04-03 | 5.0 MEDIUM | N/A | index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an invalid action parameter. |
| CVE-2005-0213 | 1 Webtoolmaster Software | 1 Winhki | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in WinHKI 1.4d allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a zip file. |
| CVE-1999-0215 | 1 Sgi | 1 Irix | 2025-04-03 | 6.4 MEDIUM | N/A | Routed allows attackers to append data to files. |
| CVE-2006-1103 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2025-04-03 | 5.0 MEDIUM | N/A | engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference. |
| CVE-2002-0508 | 1 Wwwisis | 1 Wwwisis | 2025-04-03 | 10.0 HIGH | N/A | wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog. |
| CVE-2006-3304 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter. |
| CVE-2006-1421 | 1 Arthur Konze Webdesign | 1 Akocomment | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid parameter. |