Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0537 | 2 Microsoft, Netscape | 2 Internet Explorer, Communicator | 2025-04-03 | 7.5 HIGH | N/A |
|
A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.
|
|||||
| CVE-2001-0133 | 1 Trend Micro | 1 Interscan Viruswall | 2025-04-03 | 10.0 HIGH | N/A |
|
The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.
|
|||||
| CVE-2004-0787 | 1 Openca | 1 Openca | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA 0.9.1-8 and earlier, and 0.9.2 RC6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the form input fields.
|
|||||
| CVE-2005-3889 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 7.8 HIGH | N/A |
|
Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code of 6 or 7, which triggers a large number of popup windows to the user and creates a large number of threads.
|
|||||
| CVE-1999-0045 | 2 Apache, Netscape | 4 Http Server, Commerce Server, Communications Server and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
List of arbitrary files on Web host via nph-test-cgi script.
|
|||||
| CVE-2006-3580 | 1 Asp Stats Generator | 1 Asp Stats Generator | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter.
|
|||||
| CVE-2006-3354 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.
|
|||||
| CVE-2006-3621 | 1 Dream4 | 1 Koobi Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter.
|
|||||
| CVE-2006-2677 | 1 Sitescape | 1 Sitescape Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information.
|
|||||
| CVE-2004-1720 | 1 Merak | 1 Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
|
|||||
| CVE-2004-2058 | 1 Xlinesoft | 1 Asprunner | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages.
|
|||||
| CVE-2005-2836 | 1 Phorum | 1 Phorum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php.
|
|||||
| CVE-2004-0260 | 1 Cactusoft | 1 Cactushop Lite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with |||.
|
|||||
| CVE-2002-0459 | 1 Linux-sottises | 2 Board-tnk, News-tnk | 2025-04-03 | 7.6 HIGH | N/A |
|
Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
|
|||||
| CVE-2006-3715 | 1 Oracle | 1 Collaboration Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Calendar for Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka Oracle Vuln# OCS01.
|
|||||
| CVE-2002-2122 | 1 Pointsec Mobile Technologies | 1 Pointsec | 2025-04-03 | 2.1 LOW | N/A |
|
Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory.
|
|||||
| CVE-2004-1461 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
|
|||||
| CVE-2002-1224 | 1 Kde | 1 Kde | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.
|
|||||
| CVE-2006-0250 | 1 Carnegie Mellon University | 1 Snmptrapd | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162.
|
|||||
| CVE-2002-0277 | 1 Add2it | 1 Mailman Free | 2025-04-03 | 7.5 HIGH | N/A |
|
Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the list parameter.
|
|||||
| CVE-2002-0750 | 1 Cgiscript.net | 1 Csmailto | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field.
|
|||||
| CVE-2000-0542 | 1 Ericsson | 1 Axc Tigris Multiservice Access Platform | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds.
|
|||||
| CVE-2001-1447 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
|
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.
|
|||||
| CVE-2006-3471 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.
|
|||||
| CVE-2002-1462 | 1 Organicphp | 1 Php-affiliate | 2025-04-03 | 5.0 MEDIUM | N/A |
|
details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields.
|
|||||
| CVE-2002-1440 | 1 Gateway | 1 Gs-400 | 2025-04-03 | 10.0 HIGH | N/A |
|
The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges.
|
|||||
| CVE-2002-1046 | 1 Watchguard | 2 Firebox, Soho Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110.
|
|||||
| CVE-2000-1209 | 2 Compaq, Microsoft | 4 Insight Manager, Insight Manager Xe, Data Engine and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
|
|||||
| CVE-2004-1146 | 1 Cvstrac | 1 Cvstrac | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script.
|
|||||
| CVE-2006-4968 | 1 Postnuke Software Foundation | 1 Pnphpbb | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2005-2076 | 1 Hp | 1 Version Control Repository Manager | 2025-04-03 | 2.1 LOW | N/A |
|
HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen.
|
|||||
| CVE-1999-1508 | 1 Tek | 5 Phaser Network Printer 740, Phaser Network Printer 750, Phaser Network Printer 750dp and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html.
|
|||||
| CVE-1999-0165 | 3 Bsdi, Linux, Sun | 5 Bsd Os, Linux Kernel, Nfs and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
|
NFS cache poisoning.
|
|||||
| CVE-2002-0211 | 1 Tarantella | 1 Tarantella Enterprise | 2025-04-03 | 6.2 MEDIUM | N/A |
|
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
|
|||||
| CVE-2005-2174 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 2.6 LOW | N/A |
|
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.
|
|||||
| CVE-2005-2423 | 1 Beehive Forum | 1 Beehive Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Beehive Forum allows remote attackers to obtain sensitive information via (1) an invalid final_uri or sort_by parameter to index.php or a direct request to (2) admin.php, (3) attachments.inc.php, (4) banned.inc.php, (5) beehive.inc.php, (6) constants.inc.php, (7) db.inc.php, (8) dictionary.inc.php or (9) search_index.php, which reveal the path in an error message.
|
|||||
| CVE-2003-1140 | 1 Musicqueue | 1 Musicqueue | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.
|
|||||
| CVE-1999-0420 | 1 Netbsd | 1 Umapfs | 2025-04-03 | 7.2 HIGH | N/A |
|
umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program.
|
|||||
| CVE-2005-2670 | 1 Hauri | 4 Livecall, Virobot Advanced Server, Virobot Expert and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files.
|
|||||
| CVE-2005-4224 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php.
|
|||||