Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-0776 | 1 Teca Scripts | 1 Guestex | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
| CVE-2005-4147 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | 6.5 MEDIUM | N/A | The TCLHTTPd service in Lyris ListManager before 8.9b allows remote attackers to obtain source code for arbitrary .tml (TCL) files via (1) a request with a trailing null byte (%00), which might also require (2) an authentication bypass step that involves a username with trailing "@" characters. |
| CVE-2005-1968 | 1 Early Impact | 1 Productcart | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce before 2.7 allows remote attackers to inject arbitrary web script or HTML via the error parameter to techErr.asp. |
| CVE-2005-2781 | 1 Ilia Alshanetsky | 1 Fudforum | 2025-04-03 | 7.5 HIGH | N/A | The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code. |
| CVE-2005-3851 | 1 Onlinetechtools.com | 1 Oasys Lite | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter. |
| CVE-2002-1954 | 1 Php | 1 Php | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. |
| CVE-2001-1170 | 1 Amtote International | 1 Homebet | 2025-04-03 | 5.0 MEDIUM | N/A | AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers. |
| CVE-2005-3696 | 1 Arki-db | 1 Arki-db | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action (view.php) to index.php. |
| CVE-2004-2072 | 1 Mambo | 1 Mambo Open Source | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter. |
| CVE-2004-2363 | 1 Phpx | 1 Phpx | 2025-04-03 | 4.3 MEDIUM | N/A | Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal "<", ">", "(", and ")" characters, as demonstrated using the limit parameter to forums.php and a variety of other vectors. |
| CVE-2006-3349 | 1 Sms Script | 1 Sms Script | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php. |
| CVE-2005-2203 | 1 Phpwishlist | 1 Phpwishlist | 2025-04-03 | 7.5 HIGH | N/A | login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php. |
| CVE-2004-0920 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 5.0 MEDIUM | N/A | Symantec Norton AntiVirus 2004, and earlier versions, allows a virus or other malicious code to avoid detection or cause a denial of service (application crash) using a filename containing an MS-DOS device name. |
| CVE-2002-0308 | 1 Stefan Holmberg | 1 Admentor | 2025-04-03 | 10.0 HIGH | N/A | admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments. |
| CVE-2002-0792 | 1 Cisco | 2 Content Services Switch 11000, Webns | 2025-04-03 | 5.0 MEDIUM | N/A | The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. |
| CVE-2005-0741 | 1 Yabb | 1 Yabb | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action. |
| CVE-2006-0105 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 5.0 MEDIUM | N/A | PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests. |
| CVE-2003-0686 | 2 Dave Airlie, Redhat | 2 Pam Smb, Pam Smb | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code. |
| CVE-2006-2541 | 1 John Andersson | 1 Zixforum | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp. |
| CVE-2002-1963 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit to 10 files, which allows local users to cause a denial of service (resource exhaustion) by opening 10 setuid binaries. |
| CVE-1999-0238 | 1 Php | 1 Php | 2025-04-03 | 10.0 HIGH | N/A | php.cgi allows attackers to read any file on the system. |
| CVE-2006-0324 | 1 Webspot | 1 Webspotblogging | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php. |
| CVE-1999-0825 | 1 Sco | 1 Unixware | 2025-04-03 | 3.6 LOW | N/A | The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail. |
| CVE-2002-0354 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2025-04-03 | 5.0 MEDIUM | N/A | The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property. |
| CVE-2005-2774 | 1 Lithium Software | 1 Lithium Ii Mod | 2025-04-03 | 5.0 MEDIUM | N/A | Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the nickname. |
| CVE-2005-2513 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields. |
| CVE-1999-1111 | 1 Immunix | 1 Stackguard | 2025-04-03 | 7.5 HIGH | N/A | Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself. |
| CVE-2005-2767 | 1 Leapware | 1 Leapftp | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in LeapFTP allows remote attackers to execute arbitrary code via a long Host string in a Site Queue (.lsq) file. |
| CVE-2006-3687 | 2 D-link, Dlink | 7 Di-604 Broadband Router, Di-784, Ebr-2310 Ethernet Broadband Router and 4 more | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. |
| CVE-2006-2127 | 1 Blog Mod | 1 Blog Mod | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter. |
| CVE-2000-0940 | 1 Metertek | 1 Pagelog.cgi | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameter. |
| CVE-2006-0237 | 1 Gtp | 1 Icommerce | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2000-0315 | 5 Debian, Digital, Netbsd and 2 more | 5 Debian Linux, Unix, Netbsd and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A | traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks. |
| CVE-2006-4670 | 1 Gtasoft | 1 Photokorn Gallery | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in PhotoKorn Gallery 1.52 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) includes/cart.inc.php or (2) extras/ext_cats.php. |
| CVE-2001-0909 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL. |
| CVE-2005-0864 | 1 Securecomputing | 1 Samsung Adsl Modem | 2025-04-03 | 5.0 MEDIUM | N/A | The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request. |
| CVE-2000-0618 | 1 Stanley T. Shebs | 1 Xconq | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via a long DISPLAY environment variable. |
| CVE-2005-1354 | 1 Forum.pl | 1 Forum.pl | 2025-04-03 | 7.5 HIGH | N/A | The forum.pl script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. |
| CVE-2005-3793 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php. |
| CVE-2005-1433 | 1 Hp | 1 Openview Event Correlation Services | 2025-04-03 | 4.6 MEDIUM | N/A | Multiple unknown vulnerabilities in HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code. |