Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-0118 | 1 Microsoft | 1 Biztalk Server | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement. |
| CVE-2004-1448 | 1 Jetbox | 1 Jetbox One Cms | 2025-04-03 | 4.6 MEDIUM | N/A | Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code. |
| CVE-2004-1851 | 1 Dameware Development | 1 Mini Remote Control Server | 2025-04-03 | 7.5 HIGH | N/A | Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data to create the encryption key, which makes it easier for remote attackers to obtain sensitive information via brute force guessing. |
| CVE-1999-0627 | 1 Ibm | 1 Aix | 2025-04-03 | N/A | N/A | The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. |
| CVE-2006-4628 | 1 Vcd-db | 1 Vcd-db | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments. |
| CVE-1999-1068 | 1 Oracle | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request. |
| CVE-2004-1401 | 1 Asp-rider | 1 Asp-rider | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in verify.asp in Asp-rider allows remote attackers to execute arbitrary SQL statements and bypass authentication via the username parameter. |
| CVE-2000-0539 | 1 Macromedia | 1 Jrun | 2025-04-03 | 6.4 MEDIUM | N/A | Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet. |
| CVE-2005-4823 | 1 Hp | 1 Http Server | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2005-4741 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 7.5 HIGH | N/A | NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. |
| CVE-2006-2564 | 1 Alstrasoft | 1 E-friends | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message. |
| CVE-2001-0985 | 1 Hassan Consulting | 1 Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A | shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter. |
| CVE-2004-1468 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2025-04-03 | 7.5 HIGH | N/A | The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. |
| CVE-2006-1290 | 1 Milkeyway | 1 Milkeyway Captive Portal | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php. |
| CVE-2004-2242 | 1 Phorum | 1 Phorum | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter. |
| CVE-1999-0287 | 1 Webcom | 1 Cgi Guestbook | 2025-04-03 | 7.5 HIGH | N/A | Vulnerability in the Wguest CGI program. |
| CVE-2002-0366 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry. |
| CVE-2006-4188 | 1 Hp | 1 Hp-ux | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors. |
| CVE-2003-1267 | 1 Steve Poulsen | 1 Guildftpd | 2025-04-03 | 5.0 MEDIUM | N/A | GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1. |
| CVE-2003-1091 | 1 Apple | 1 Quicktime Broadcaster | 2025-04-03 | 7.5 HIGH | N/A | Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files. |
| CVE-2006-2984 | 1 Integramod | 1 Integramod | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant from SQL injection. |
| CVE-2002-0965 | 1 Oracle | 1 Oracle9i | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file. |
| CVE-2006-2323 | 1 Smartisoft | 1 Phplistpro | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749. |
| CVE-1999-0315 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Solaris fdformat command gives root access to local users. |
| CVE-2005-0124 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow. |
| CVE-2005-4477 | 1 Papaya | 1 Papaya Cms | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the bab[searchfor] parameter. |
| CVE-2002-0734 | 1 Michel Valdrighi | 1 B2 | 2025-04-03 | 7.5 HIGH | N/A | b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server. |
| CVE-2001-0968 | 1 Knox Software | 1 Arkeia | 2025-04-03 | 10.0 HIGH | N/A | Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges. |
| CVE-2004-1930 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. |
| CVE-2004-1101 | 1 Tips | 1 Mailpost | 2025-04-03 | 5.8 MEDIUM | N/A | mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message. |
| CVE-2005-0418 | 1 Sun | 1 J2se | 2025-04-03 | 7.5 HIGH | N/A | Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836. |
| CVE-2005-1890 | 1 Mortiforo | 1 Mortiforo | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in Mortiforo before 0.9.1 allows users to access private forums via unknown attack vectors. |
| CVE-2002-1728 | 1 Asksam Systems | 1 Asksam Web Publisher | 2025-04-03 | 5.0 MEDIUM | N/A | askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine the full path to the web root directory via a request for a file that does not exist, which generates an error message that reveals the full path. |
| CVE-2006-0630 | 1 Ritlabs | 1 The Bat | 2025-04-03 | 5.0 MEDIUM | N/A | RITLabs The Bat! before 3.0.0.15 displays certain important headers from encapsulated data in message/partial MIME messages, instead of the real headers, which is in violation of RFC2046 header merging rules and allows remote attackers to spoof the origin of e-mail by sending a fragmented message, as demonstrated using spoofed Received: and Message-ID: headers. |
| CVE-2001-0715 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 2.1 LOW | N/A | Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode. |
| CVE-2006-2762 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | 6.4 MEDIUM | N/A | PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call. |
| CVE-2005-1888 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. |
| CVE-2005-1098 | 1 Runtime Software | 1 Getdataback For Ntfs | 2025-04-03 | 2.1 LOW | N/A | GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information. |
| CVE-2005-3015 | 1 Ibm | 2 Lotus Domino, Lotus Domino Enterprise Server | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. |
| CVE-2001-0155 | 1 Van Dyke Technologies | 1 Vshell | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers. |