Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-2985 | 1 Integramod | 1 Integramod | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded "'" characters in the STYLE_URL parameter. |
| CVE-2003-0739 | 1 Vmware | 1 Workstation | 2025-04-03 | 4.6 MEDIUM | N/A | VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack. |
| CVE-2002-0286 | 1 Sitenews | 1 Sitenews | 2025-04-03 | 7.5 HIGH | N/A | The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user. |
| CVE-2006-2310 | 1 New Atlanta Communications | 2 Bluedragon Server, Bluedragon Server Jx | 2025-04-03 | 5.0 MEDIUM | N/A | BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2. |
| CVE-2006-3044 | 1 Logisphere | 1 Logisphere | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page. |
| CVE-2004-1963 | 1 Freshmeat | 1 Network Query Tool | 2025-04-03 | 5.0 MEDIUM | N/A | nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obtain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. |
| CVE-2005-3259 | 1 Versatilebulletinboard | 1 Versatilebulletinboard | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) login field, (2) "search this thread" feature, (3) "search for posts" feature, (4) "forgot password" feature, (5) list parameter in userlistpre.php, and the (6) select, (7) categ, and (8) to parameters in index.php. |
| CVE-2006-4089 | 1 Andy Lo-a-foe | 1 Alsaplayer | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) ... |
| CVE-2003-1173 | 1 Centrinity | 1 Centrinity Firstclass | 2025-04-03 | 5.0 MEDIUM | N/A | Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory. |
| CVE-1999-0178 | 1 Oreilly | 1 Oreilly Website | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string. |
| CVE-1999-0677 | 1 Ramp Networks | 2 Webramp 200i, Webramp M3 | 2025-04-03 | 7.5 HIGH | N/A | The WebRamp web administration utility has a default password. |
| CVE-2006-2151 | 1 Phpbb Group | 1 Phpbb Toplist | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. |
| CVE-2006-3145 | 1 Netpbm | 1 Netpbm | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error. |
| CVE-2001-1352 | 1 Namazu | 1 Namazu | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter. |
| CVE-2004-0581 | 2 Gnu, Mandrakesoft | 3 Ksymoops, Mandrake Linux, Mandrake Linux Corporate Server | 2025-04-03 | 4.6 MEDIUM | N/A | ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp. |
| CVE-2006-0502 | 1 Farsinews | 1 Farsinews | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2.1 Beta 2 and earlier, with register_globals enabled, allows remote attackers to include arbitrary files via a URL in the cutepath parameter. |
| CVE-1999-0607 | 1 I-soft | 1 Quikstore | 2025-04-03 | 5.0 MEDIUM | N/A | quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges. |
| CVE-2000-0694 | 1 Tech-source | 1 Raptor Gfx Pgx32 | 2025-04-03 | 7.2 HIGH | N/A | pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack. |
| CVE-2001-0895 | 1 Cisco | 11 Catalyst 2900xl, Catalyst 2948g-l3, Catalyst 2950 and 8 more | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table. |
| CVE-2006-2790 | 1 Sun | 1 Storage Automated Diagnostic Environment | 2025-04-03 | 7.2 HIGH | N/A | A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges. |
| CVE-2006-1526 | 1 X.org | 1 X11r6 | 2025-04-03 | 2.1 LOW | N/A | Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue. |
| CVE-2004-1414 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2025-04-03 | 5.0 MEDIUM | N/A | Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images. |
| CVE-2005-2604 | 1 My Image Gallery | 1 My Image Gallery | 2025-04-03 | 5.0 MEDIUM | N/A | index.php for My Image Gallery (Mig) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message. |
| CVE-2006-1455 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.8 HIGH | N/A | QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference. |
| CVE-2001-1204 | 1 Total Pc Solutions | 1 Php Rocket Add-in | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. |
| CVE-2001-1354 | 1 Netwin | 2 Dmail, Surgeftp | 2025-04-03 | 4.6 MEDIUM | N/A | NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password. |
| CVE-2006-4949 | 1 Drupal | 1 Site Profile Directory Module | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters. |
| CVE-2001-0313 | 1 Borderware | 1 Firewall Server | 2025-04-03 | 5.0 MEDIUM | N/A | Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network. |
| CVE-2005-1640 | 1 The Ignition Project | 1 Ignitionserver | 2025-04-03 | 7.5 HIGH | N/A | mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions. |
| CVE-2006-0065 | 1 Vego | 1 Vego Web Forum | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php. |
| CVE-2000-0593 | 1 Sapporoworks | 1 Sapporoworks Winproxy | 2025-04-03 | 5.0 MEDIUM | N/A | WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number. |
| CVE-2006-2124 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2025-04-03 | 5.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6) action parameters in index.php. |
| CVE-2005-3931 | 1 Asp-rider | 1 Asp-rider | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer. |
| CVE-1999-0316 | 1 Sam Lantinga | 1 Splitvt | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in Linux splitvt command gives root access to local users. |
| CVE-2006-3220 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter. |
| CVE-2003-0168 | 1 Apple | 1 Quicktime | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL. |
| CVE-1999-0234 | 5 Caldera, Redhat, Sgi and 2 more | 5 Openlinux, Linux, Irix and 2 more | 2025-04-03 | 4.6 MEDIUM | N/A | Bash treats any character with a value of 255 as a command separator. |
| CVE-2006-3018 | 1 Php Group | 1 Php | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. |
| CVE-2005-3304 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. |
| CVE-2006-3066 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection. |