Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-1351 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A | BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP. |
| CVE-2002-1548 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A | Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called." |
| CVE-2004-1320 | 1 Asante | 1 Fm2008 Managed Ethernet Switch | 2025-04-03 | 7.5 HIGH | N/A | Asante FM2008 running firmware 1.06 is shipped with a default username and password, which could allow remote attackers to gain unauthorized access. |
| CVE-2002-0198 | 1 Paul L Daniels | 2 Inflex, Ripmime | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename. |
| CVE-1999-1193 | 1 Next | 1 Next | 2025-04-03 | 10.0 HIGH | N/A | The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root. |
| CVE-2002-1741 | 1 Alt-n | 1 Worldclient | 2025-04-03 | 7.2 HIGH | N/A | Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter. |
| CVE-2005-1146 | 1 Calendarscript | 1 Calendarscript | 2025-04-03 | 4.3 MEDIUM | N/A | NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145 |
| CVE-2005-3332 | 1 Belchior Foundry | 1 Vcard | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter. |
| CVE-2004-0423 | 1 Ssmtp | 1 Ssmtp | 2025-04-03 | 2.1 LOW | N/A | The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file. |
| CVE-2002-0718 | 1 Microsoft | 1 Content Management Server | 2025-04-03 | 7.5 HIGH | N/A | Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function." |
| CVE-2005-1188 | 1 Comersus Open Technologies | 1 Comersus Cart | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter. |
| CVE-2006-1950 | 1 Perlcoders Group | 1 Bannerfarm | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters. |
| CVE-2001-0385 | 1 Goahead Software | 1 Goahead Webserver | 2025-04-03 | 5.0 MEDIUM | N/A | GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. |
| CVE-2005-2286 | 1 Esi Products | 1 Webeoc | 2025-04-03 | 10.0 HIGH | N/A | WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource. |
| CVE-2002-2267 | 1 Bogofilter | 1 Bogopass Email Filter | 2025-04-03 | 7.2 HIGH | N/A | bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitrary files via a symlink attack on the bogopass temporary file. |
| CVE-2006-2929 | 1 Openemr | 1 Openemr | 2025-04-03 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter. |
| CVE-2001-1510 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A | Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. |
| CVE-2005-2357 | 1 Emc | 1 Navisphere Manager | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
| CVE-2006-2753 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. |
| CVE-1999-0742 | 1 Debian | 1 Debian Linux | 2025-04-03 | 5.0 MEDIUM | N/A | The Debian mailman package uses weak authentication, which allows attackers to gain privileges. |
| CVE-2005-4056 | 1 Jonathan Beckett | 1 Pluggedout Nexus | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) Location, (2) Last Name, and (3) First Name parameters. |
| CVE-1999-1298 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.5 HIGH | N/A | Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources. |
| CVE-2004-0653 | 1 Sun | 1 Solaris | 2025-04-03 | 2.1 LOW | N/A | Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files. |
| CVE-2006-3721 | 1 Oracle | 1 Enterprise Manager | 2025-04-03 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in Oracle Management Service for Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors, aka Oracle Vuln# EM03 and EM04. |
| CVE-2002-1676 | 1 Bindview | 2 Netinventory, Netrc | 2025-04-03 | 2.1 LOW | N/A | BindView NetInventory 1.0, when used with NetRC 1.0, allows local users to read sensitive information (passwords) by deleting the HOSTCFG._NI file and forcing an audit, which rewrites the HOSTCFG._NI to HOSTCFG.INI and stores the passwords in cleartext until the audit is complete. |
| CVE-2006-4551 | 1 Chxo | 1 Feedsplitter | 2025-04-03 | 7.5 HIGH | N/A | Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed. |
| CVE-2003-1184 | 1 Thwboard | 1 Thwboard | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs." |
| CVE-2003-1251 | 1 Nx | 1 N X Web Content Management System 2002 | 2025-04-03 | 7.5 HIGH | N/A | The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code. |
| CVE-2003-0793 | 1 Gnome | 1 Gdm | 2025-04-03 | 2.1 LOW | N/A | GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption). |
| CVE-2006-0320 | 1 Bit 5 Blog | 1 Bit 5 Blog | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter. |
| CVE-2006-3282 | 1 Datetopia | 1 Dating Agent Pro | 2025-04-03 | 5.0 MEDIUM | N/A | requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. |
| CVE-2006-3269 | 1 Thorcms | 1 Thorcms | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in includes/functions_cms.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. |
| CVE-2004-2551 | 1 Layton Technology | 1 Helpbox | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request ... |
| CVE-2006-1558 | 1 Php | 1 Php Script Index | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| CVE-2006-1505 | 1 Basic Analysis And Security Engine | 1 Base | 2025-04-03 | 5.0 MEDIUM | N/A | base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the standalone parameter to "yes". |
| CVE-2002-1120 | 1 Savant | 1 Savant Web Server | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. |
| CVE-2006-1074 | 1 Jason Boettcher | 1 Liero Xtreme | 2025-04-03 | 5.0 MEDIUM | N/A | Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command. |
| CVE-2001-0891 | 2 Cray, Sgi | 2 Unicos, Nqsdaemon | 2025-04-03 | 7.2 HIGH | N/A | Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters. |
| CVE-2006-2734 | 1 Mini-nuke | 1 Mini-nuke | 2025-04-03 | 5.0 MEDIUM | N/A | enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker. |
| CVE-2001-0061 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A | procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space. |