Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-2330 | 1 Macromedia | 1 Coldfusion | 2025-04-03 | 5.0 MEDIUM | N/A | ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. |
| CVE-2002-0909 | 1 Matsushita Research | 1 Mnews | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote NNTP server to execute arbitrary code via long responses, or local users can gain privileges via long command line arguments (2) -f, (3) -n, (4) -D, (5) -M, or (6) -P, or via long environment variables (7) JNAMES or (8) MAILSERVER. |
| CVE-1999-0270 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files. |
| CVE-2004-2217 | 1 Ychat | 1 Ychat | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors. |
| CVE-2004-1844 | 1 Expinion.net | 1 Member Management System | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp. |
| CVE-2006-4552 | 1 Chxo | 1 Feedsplitter | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed. |
| CVE-2005-1060 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets. |
| CVE-2004-2576 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 5.0 MEDIUM | N/A | class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files. |
| CVE-2006-2032 | 1 Corenews | 1 Corenews | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php. |
| CVE-2003-1164 | 1 Mldonkey | 1 Mldonkey | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page. |
| CVE-2006-3235 | 1 Looknet | 1 Fineshop | 2025-04-03 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters. |
| CVE-2004-2414 | 1 Novell | 1 Netware | 2025-04-03 | 2.1 LOW | N/A | Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. |
| CVE-2004-2017 | 1 Turbotraffictrader | 1 Turbotraffictrader C | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel. |
| CVE-2006-4603 | 1 Nch Software | 1 Swift Sound Web Dictate | 2025-04-03 | 7.5 HIGH | N/A | NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password. |
| CVE-2006-0238 | 1 Gamerz | 1 Wp-stats | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter. |
| CVE-2005-2020 | 1 3com | 1 3c15100d | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700. |
| CVE-2002-0142 | 1 Pi3 | 1 Pi3web | 2025-04-03 | 7.5 HIGH | N/A | CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters. |
| CVE-2003-0287 | 1 Six Apart | 1 Movable Type | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled. |
| CVE-2006-1686 | 1 Apt | 1 Apt-webshop-system | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter. |
| CVE-2006-3262 | 1 Mambo | 1 Mambo | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. |
| CVE-2006-4529 | 1 Membrepass | 1 Membrepass | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in recherchemembre.php in membrepass 1.5. allows remote attackers to execute arbitrary SQL commands via the recherche parameter. |
| CVE-2006-3952 | 1 Efs Software | 1 Efs Ftp Server | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2001-0154 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. |
| CVE-2002-0100 | 1 Aol | 1 Aol Server | 2025-04-03 | 7.5 HIGH | N/A | AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protected files via a URL that directly references the file. |
| CVE-2006-1816 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 5.0 MEDIUM | N/A | PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php. |
| CVE-2005-0508 | 1 Apache | 1 Batik | 2025-04-03 | 4.6 MEDIUM | N/A | Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue." |
| CVE-2005-0424 | 1 Aspjar | 1 Aspjar Guestbook | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. NOTE: there is insufficient information to know if this is the same issue as CVE-2002-1730. |
| CVE-2006-1532 | 1 Deltascripts | 1 Php Classifieds | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.php in PHP Classifieds 6.18, 6.20, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. |
| CVE-2005-0306 | 1 Mercuryboard | 1 Mercuryboard | 2025-04-03 | 5.0 MEDIUM | N/A | MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message. |
| CVE-2005-2176 | 1 Novell | 1 Netmail | 2025-04-03 | 6.4 MEDIUM | N/A | Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. |
| CVE-2003-0450 | 1 Cistron | 1 Radius Daemon | 2025-04-03 | 7.5 HIGH | N/A | Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow. |
| CVE-2006-4389 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A | Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. |
| CVE-2005-0383 | 1 Trend Micro | 1 Control Manager | 2025-04-03 | 7.5 HIGH | N/A | Trend Micro Control Manager 3.0 Enterprise Edition allows remote attackers to gain privileges via a replay attack of the encrypted username and password. |
| CVE-2005-4664 | 1 Ocomon | 1 Ocomon | 2025-04-03 | 5.0 MEDIUM | N/A | SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662. |
| CVE-2001-0983 | 1 Ultraedit | 1 Ultraedit-32 | 2025-04-03 | 4.6 MEDIUM | N/A | UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges. |
| CVE-2000-1011 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable. |
| CVE-2006-2293 | 1 Expinion.net | 1 Multicalendars | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2005-2559 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A | doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in the eping_host parameter, which is not handled by the validation function. |
| CVE-2006-2705 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2025-04-03 | 5.0 MEDIUM | N/A | Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages. |
| CVE-2004-2293 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered b ... |