Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4290 | 1 Soft4e | 1 Ecw-cart | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters.
|
|||||
| CVE-2000-1054 | 1 Cisco | 1 Secure Access Control Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
|
|||||
| CVE-2002-1399 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cash_out(2).
|
|||||
| CVE-2005-2843 | 1 Helpdesk Software | 1 Hesk | 2025-04-03 | 7.5 HIGH | N/A |
|
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php.
|
|||||
| CVE-2001-0043 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 10.0 HIGH | N/A |
|
phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.
|
|||||
| CVE-2005-1031 | 2 E-xoops, Runcms | 2 E-xoops, Runcms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files.
|
|||||
| CVE-2005-2751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.
|
|||||
| CVE-1999-0126 | 1 Xfree86 Project | 1 Xfree86 | 2025-04-03 | 7.2 HIGH | N/A |
|
SGI IRIX buffer overflow in xterm and Xaw allows root access.
|
|||||
| CVE-2004-0328 | 1 Gigabyte | 1 Gn-b46b | 2025-04-03 | 7.2 HIGH | N/A |
|
Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 allows local users on the same local network as the router to bypass authentication by using a copy of the router's html menu on a separate system.
|
|||||
| CVE-2006-1815 | 1 Tritanium Scripts | 1 Tritanium Bulletin Board | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname and (2) newuser_icq parameters, a different vector than CVE-2006-1768. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2000-1034 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.
|
|||||
| CVE-2006-2998 | 1 Free Qboard | 1 Free Qboard | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in board/post.php in free QBoard 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter.
|
|||||
| CVE-2006-0614 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue."
|
|||||
| CVE-2005-1847 | 1 Yamt | 1 Yamt | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options.
|
|||||
| CVE-2001-1005 | 1 Starfish | 1 Truesync Desktop | 2025-04-03 | 7.5 HIGH | N/A |
|
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges.
|
|||||
| CVE-2005-2084 | 1 Telligent Systems | 1 Community Server Forums | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Community Forum allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
|||||
| CVE-2004-0274 | 1 Eggheads | 1 Eggdrop Irc Bot | 2025-04-03 | 7.5 HIGH | N/A |
|
Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.
|
|||||
| CVE-2005-4758 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP.
|
|||||
| CVE-1999-0434 | 5 Caldera, Debian, Netbsd and 2 more | 5 Openlinux, Debian Linux, Netbsd and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
|
|||||
| CVE-2003-1085 | 1 Thomson | 2 Tcm Cable Modem, Tcw Cable Modem | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow.
|
|||||
| CVE-2005-2893 | 1 Pblang | 1 Pblang | 2025-04-03 | 7.5 HIGH | N/A |
|
Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u parameter), which is directly injected into a file that is later executed upon login.
|
|||||
| CVE-2006-0477 | 1 Git | 1 Git | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.
|
|||||
| CVE-2005-3810 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.8 HIGH | N/A |
|
ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which leads to a null dereference.
|
|||||
| CVE-2005-3620 | 1 Vmware | 1 Esx | 2025-04-03 | 2.1 LOW | N/A |
|
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.
|
|||||
| CVE-2006-0864 | 1 Hauri | 1 Virobot | 2025-04-03 | 10.0 HIGH | N/A |
|
filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value.
|
|||||
| CVE-2005-0912 | 1 Deplate | 1 Deplate | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, possibly involving elements.rb.
|
|||||
| CVE-2005-3872 | 1 Ugroup | 1 Ugroup | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php.
|
|||||
| CVE-2003-0755 | 1 Gtkftpd | 1 Gtkftp | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command.
|
|||||
| CVE-2005-0143 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | N/A |
|
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
|
|||||
| CVE-2005-4132 | 1 Contenido | 1 Contendio | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified "security leak" vulnerability in Contenido before 4.6.4, when register_globals is on and allow_url_fopen is true, has unspecified impact and attack vectors. NOTE: it is likely that this is a PHP remote file include vulnerability.
|
|||||
| CVE-2005-4407 | 1 Tmc Visionpool | 1 Mercury Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters.
|
|||||
| CVE-2004-1055 | 2 Gentoo, Phpmyadmin | 2 Linux, Phpmyadmin | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
|
|||||
| CVE-2004-0469 | 1 Checkpoint | 4 Firewall-1, Next Generation, Ng-ai and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel negotiation.
|
|||||
| CVE-2002-1055 | 1 Brother | 1 Nc-3100h | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in administrative web server for Brother NC-3100h printer allows remote attackers to cause a denial of service via a long password.
|
|||||
| CVE-2005-1176 | 1 Ibm | 1 Aix | 2025-04-03 | 1.2 LOW | N/A |
|
Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.
|
|||||
| CVE-2004-2129 | 1 Loom Software | 2 Surfnow Professional, Surfnow Standard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow.
|
|||||
| CVE-2004-1957 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.
|
|||||
| CVE-2006-1089 | 1 Punbb | 1 Punbb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.
|
|||||
| CVE-2006-2943 | 1 Cgi-rescue | 1 Webform | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information.
|
|||||
| CVE-1999-1046 | 1 Ipswitch | 1 Imail | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181.
|
|||||