Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1683 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function.
|
|||||
| CVE-1999-1117 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A |
|
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
|
|||||
| CVE-2005-0192 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | 2.6 LOW | N/A |
|
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
|
|||||
| CVE-2005-2830 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
|
|||||
| CVE-2004-1433 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote attackers to cause a denial of service (control card reset) via malformed (1) TCP and (2) UDP packets.
|
|||||
| CVE-2006-2884 | 1 Kke Info Media | 1 Kmita Faq | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2000-0282 | 1 Talentsoft | 1 Web\+ | 2025-04-03 | 5.0 MEDIUM | N/A |
|
TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.
|
|||||
| CVE-2006-4260 | 1 Jake Olefsky | 1 Fotopholder | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in Fotopholder 1.8 allows remote attackers to read arbitrary directories or files via a .. (dot dot) in the path parameter.
|
|||||
| CVE-2005-2951 | 1 Azerbaijan Development Group | 1 Azdgdating | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement.
|
|||||
| CVE-2005-1800 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.
|
|||||
| CVE-2005-0994 | 1 Early Impact | 1 Productcart | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report.
|
|||||
| CVE-2005-1733 | 1 Metro Marketing | 1 Cookie Cart | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt.
|
|||||
| CVE-2002-1077 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field.
|
|||||
| CVE-2006-4462 | 1 Gonafish.com | 1 Linkscaffe | 2025-04-03 | 7.5 HIGH | N/A |
|
Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to administrator functions, which allows remote attackers to gain full administration rights via a direct request to Admin/admin1953.php.
|
|||||
| CVE-2002-0804 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.
|
|||||
| CVE-2006-0292 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 7.5 HIGH | N/A |
|
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
|
|||||
| CVE-2001-1436 | 1 Dallas Semiconductor | 1 Ibutton | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password.
|
|||||
| CVE-2003-0112 | 1 Microsoft | 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
|
|||||
| CVE-2005-1335 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner."
|
|||||
| CVE-2006-3783 | 1 Sun | 1 Solaris | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point.
|
|||||
| CVE-2006-2959 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.
|
|||||
| CVE-2005-2854 | 1 Thesitewizard.com | 1 Chfeedback.pl Feedback Form Perl Script | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email fields, which are injected into mail headers.
|
|||||
| CVE-2000-0707 | 1 Pccs-linux | 1 Mysqldatabase Admin Tool | 2025-04-03 | 7.5 HIGH | N/A |
|
PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.
|
|||||
| CVE-2004-1832 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660.
|
|||||
| CVE-2002-0465 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter.
|
|||||
| CVE-2006-2328 | 1 Angelinecms | 1 Angelinecms | 2025-04-03 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in lib/adodb/server.php in AngelineCMS 0.6.5 and earlier might allow remote attackers to execute arbitrary SQL commands via the query string.
|
|||||
| CVE-2004-2430 | 1 Trend Micro | 1 Officescan | 2025-04-03 | 7.2 HIGH | N/A |
|
Trend OfficeScan Corporate Edition 5.58 and possibly earlier does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.
|
|||||
| CVE-2002-2293 | 1 Twofold Photos | 1 Webshots Desktop | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Webshots Desktop screensaver allows local users to bypass the password on the screensaver by pressing CTRL-ALT-DELETE and (1) hitting the cancel button or (2) killing the screensaver from the task manager.
|
|||||
| CVE-2006-0830 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
The scripting engine in Internet Explorer allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary code via a web page that contains a recurrent call to an infinite loop in Javascript or VBscript, which consumes the stack, as demonstrated by resetting the "location" variable within the loop.
|
|||||
| CVE-2005-1342 | 1 Apple | 2 Mac Os X, Terminal | 2025-04-03 | 7.5 HIGH | N/A |
|
The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.
|
|||||
| CVE-2006-0831 | 1 Tasarim Rehberi | 1 Tasarim Rehberi | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file include vulnerability in index.php in Tasarim Rehberi allows remote attackers to execute arbitrary PHP code via a URL in the (1) sayfaadi or (2) sayfa parameter. NOTE: this might be a site-specific issue. If so, it should not be included in CVE.
|
|||||
| CVE-2004-1689 | 1 Todd Miller | 1 Sudo | 2025-04-03 | 2.1 LOW | N/A |
|
sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.
|
|||||
| CVE-2002-1689 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow.
|
|||||
| CVE-2004-1514 | 1 Soft3304 | 1 04webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
04WebServer 1.42 allows remote attackers to cause a denial of service (fail to restart properly) via an HTTP request for an MS-DOS device name such as COM2.
|
|||||
| CVE-2006-3032 | 1 Pensacola Web Designs | 1 Xtreme Asp Photo Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP Photo Gallery 1.05 and earlier, and possibly 2.0 (trial), allow remote attackers to inject arbitrary web script or HTML via the (1) catname and (2) total parameters in (a) displaypic.asp, and the (3) catname parameter in (b) displaythumbs.asp.
|
|||||
| CVE-2006-0121 | 1 Ibm | 3 Lotus Domino, Lotus Domino Enterprise Server, Lotus Notes | 2025-04-03 | 7.8 HIGH | N/A |
|
Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified ...
|
|||||
| CVE-2006-3185 | 1 Cms Faethon | 1 Cms Faethon | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter.
|
|||||
| CVE-2001-1379 | 1 Guiseppe Tanzilli And Matthias Eckermann | 1 Mod Auth Pgsql | 2025-04-03 | 7.5 HIGH | N/A |
|
The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.
|
|||||
| CVE-2005-1407 | 1 Skype Technologies | 1 Skype | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application.
|
|||||
| CVE-2006-1489 | 1 Fusionzone | 1 Couponzone | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local.cfm in 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) companyid, (2) scat, and (3) coid parameters.
|
|||||