Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0187 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
|
|||||
| CVE-2006-2672 | 1 Interquest Internet Services | 1 Realty Pro One | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection.
|
|||||
| CVE-2006-3800 | 1 Amazing Flash Commerce | 1 Afcommerce Shopping Cart | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box.
|
|||||
| CVE-2002-1952 | 1 Phprank | 1 Phprank | 2025-04-03 | 7.5 HIGH | N/A |
|
phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database is unavailable.
|
|||||
| CVE-2006-1537 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, o ...
|
|||||
| CVE-2006-2997 | 1 Zms Publishing | 1 Zms | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field.
|
|||||
| CVE-2003-1100 | 1 Hummingbird | 1 Cyberdocs | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors.
|
|||||
| CVE-2004-2327 | 1 Vizer Web Server | 1 Vizer Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Vizer Web Server 1.9.1 allows remote attackers to cause a denial of service (crash) via multiple malformed requests including (1) requests without GET, (2) GET requests without HTTP, (3) or long GET requests.
|
|||||
| CVE-2006-3604 | 1 Seyeon | 1 Flexwatch Network Camera | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the URL.
|
|||||
| CVE-2006-2802 | 1 Xine | 2 Gxine, Xine-lib | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
|
|||||
| CVE-2004-1137 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
|
|||||
| CVE-2000-0650 | 1 Network Associates | 2 Netshield, Virusscan | 2025-04-03 | 2.1 LOW | N/A |
|
The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.
|
|||||
| CVE-2001-0926 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement.
|
|||||
| CVE-2002-2113 | 1 Agh | 1 Htmlsearch | 2025-04-03 | 7.5 HIGH | N/A |
|
search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter.
|
|||||
| CVE-1999-0956 | 1 Next | 1 Nextstep | 2025-04-03 | 7.2 HIGH | N/A |
|
The NeXT NetInfo _writers property allows local users to gain root privileges or conduct a denial of service.
|
|||||
| CVE-2004-1290 | 1 William Hoggarth | 1 Pgn2web | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a crafted PGN file.
|
|||||
| CVE-2004-0164 | 1 Kame | 1 Racoon | 2025-04-03 | 5.0 MEDIUM | N/A |
|
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
|
|||||
| CVE-2006-1105 | 1 Pixelpost | 1 Pixelpost | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.
|
|||||
| CVE-2002-0010 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges.
|
|||||
| CVE-2002-0362 | 1 Aol | 1 Instant Messenger | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711.
|
|||||
| CVE-2002-1444 | 2 Google, Microsoft | 2 Toolbar, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
|
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function.
|
|||||
| CVE-2005-4395 | 1 Farcry | 1 Farcry | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the criteria parameter.
|
|||||
| CVE-2000-0919 | 1 Phpix | 1 Phpix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-1999-0821 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument.
|
|||||
| CVE-2005-1834 | 1 Nextweb | 1 Nextweb (i)site | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field.
|
|||||
| CVE-2005-3345 | 1 Rssh | 1 Rssh | 2025-04-03 | 7.2 HIGH | N/A |
|
rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory.
|
|||||
| CVE-2001-0507 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 7.2 HIGH | N/A |
|
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
|
|||||
| CVE-2005-3978 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter in (a) ViewCat.php and (b) gallery.php, and the (2) ItemNum parameter in (c) ViewItem.php.
|
|||||
| CVE-2005-0055 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
|
|||||
| CVE-2005-0890 | 1 Dream4 | 1 Koobi Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote attackers to execute arbitrary SQL commands via the area parameter.
|
|||||
| CVE-2006-1168 | 1 Ncompress | 1 Ncompress | 2025-04-03 | 7.5 HIGH | N/A |
|
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
|
|||||
| CVE-2004-0148 | 2 Sgi, Washington University | 2 Propack, Wu-ftpd | 2025-04-03 | 7.2 HIGH | N/A |
|
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
|
|||||
| CVE-2006-2513 | 1 Sun | 1 Java System Directory Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges.
|
|||||
| CVE-2001-0949 | 1 Valicert | 1 Enterprise Validation Authority | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters ...
|
|||||
| CVE-2006-2196 | 1 Jochen Friedrich | 1 Pinball | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges.
|
|||||
| CVE-2000-0710 | 1 Microsoft | 1 Frontpage | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
|
|||||
| CVE-2005-1470 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.
|
|||||
| CVE-1999-0166 | 1 Sun | 1 Nfs | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NFS allows users to use a "cd .." command to access other directories besides the exported file system.
|
|||||
| CVE-1999-0960 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
|
IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option.
|
|||||
| CVE-1999-0600 | | | 2025-04-03 | 10.0 HIGH | N/A |
|
A network intrusion detection system (IDS) does not verify the checksum on a packet.
|
|||||