Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1998 | 1 Mcgallery | 1 Mcgallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
|
|||||
| CVE-2002-0263 | 1 Ezne.net | 1 Ezboard 2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi.
|
|||||
| CVE-2004-1590 | 1 Clientexec | 1 Clientexec | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Clientexec allows remote attackers to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function.
|
|||||
| CVE-1999-0636 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
The discard service is running.
|
|||||
| CVE-1999-0752 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.
|
|||||
| CVE-2006-4735 | 1 Kellan Elliott-mccrea | 1 Magpierss | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages.
|
|||||
| CVE-2005-2546 | 1 Arab Portal | 1 Arab Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Arab Portal 2.0 allows remote attackers to obtain sensitive information via a long (1) username or (2) password, which reveals the path in an error message when the undefined "errmsg" function is called.
|
|||||
| CVE-2005-0521 | 1 Sendlink | 1 Sendlink | 2025-04-03 | 2.1 LOW | N/A |
|
SendLink 1.5 stores sensitive information, possibly including passwords, in plaintext in the data.eat file, which allows local users to gain privileges.
|
|||||
| CVE-2002-1348 | 1 W3m | 1 W3m | 2025-04-03 | 5.0 MEDIUM | N/A |
|
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.
|
|||||
| CVE-2005-1023 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000.
|
|||||
| CVE-2006-1660 | 1 Softbiz | 1 Image Gallery | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2002-0202 | 1 Paintbbs | 1 Paintbbs | 2025-04-03 | 3.6 LOW | N/A |
|
PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder.
|
|||||
| CVE-2006-1699 | 1 Aweb | 1 Banner Generator | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view mode.
|
|||||
| CVE-2005-3150 | 1 Weex | 1 Weex | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitrary code via format strings in filenames.
|
|||||
| CVE-2006-0519 | 1 Spip | 1 Spip | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
|
|||||
| CVE-2005-2949 | 1 Mark D. Roth | 1 Pam Per User | 2025-04-03 | 7.5 HIGH | N/A |
|
pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login.
|
|||||
| CVE-2002-1751 | 1 Cgiscript.net | 1 Cslivesupport | 2025-04-03 | 5.0 MEDIUM | N/A |
|
csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
|
|||||
| CVE-2006-0216 | 1 Qualityebiz | 1 Quality Ppc | 2025-04-03 | 5.0 MEDIUM | N/A |
|
admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter.
|
|||||
| CVE-2003-1137 | 1 Charles Steinkuehler | 1 Sh-httpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character.
|
|||||
| CVE-2005-0472 | 3 Mandrakesoft, Redhat, Rob Flynn | 5 Mandrake Linux, Mandrake Linux Corporate Server, Enterprise Linux and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
|
|||||
| CVE-2000-0149 | 1 Zeus Technologies | 1 Zeus Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.
|
|||||
| CVE-2006-3543 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never ...
Show More |
|||||
| CVE-2005-2933 | 1 University Of Washington | 1 Uw-imap | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.
|
|||||
| CVE-2005-2123 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
|
|||||
| CVE-2005-1037 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.
|
|||||
| CVE-2004-2096 | 1 Mephistoles Internet Suite | 1 Mephistoles Httpd | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL.
|
|||||
| CVE-2003-0584 | 1 Tolis Group | 1 Bru | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument.
|
|||||
| CVE-2006-0334 | 1 Freekrai.net | 1 My Amazon Store Manager | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim that the affected parameter is "q", but the only public archive of the original researcher notification shows an XSS manipulation in "Keywords".
|
|||||
| CVE-2005-2652 | 1 Phpoutsourcing | 1 Zorum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) gorum/notification.php, (2) user.php, (3) attach.php, (4) blacklist.php, (5) zorum/forum.php, (6) globalstat.php, (7) gorum/trace.php, (8) gorum/badwords.php, or (9) gorum/flood.php.
|
|||||
| CVE-2003-0894 | 1 Oracle | 1 Oracle9i | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument.
|
|||||
| CVE-2003-0484 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.
|
|||||
| CVE-2004-0290 | 1 Freeform Interactive | 2 Purge, Purge Jihad | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large (1) battle type and (2) map name fields.
|
|||||
| CVE-2005-0736 | 3 Conectiva, Linux, Redhat | 5 Linux, Linux Kernel, Enterprise Linux and 2 more | 2025-04-03 | 2.1 LOW | N/A |
|
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
|
|||||
| CVE-2005-4369 | 1 The Collective | 1 Acuity Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp.
|
|||||
| CVE-2006-1484 | 1 Kye | 1 Genius Videocam Nb | 2025-04-03 | 7.2 HIGH | N/A |
|
Genius VideoCAM NB Driver does not drop privileges when saving files, which allows local users to gain privileges by opening arbitrary files via the "save as" dialog.
|
|||||
| CVE-2005-3232 | 1 Thehacker | 1 Thehacker | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple interpretation error in unspecified versions of TheHacker allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
|
|||||
| CVE-1999-0829 | 1 Hp | 1 Secure Web Console | 2025-04-03 | 5.0 MEDIUM | N/A |
|
HP Secure Web Console uses weak encryption.
|
|||||
| CVE-2004-0432 | 3 Gentoo, Proftpd Project, Trustix | 3 Linux, Proftpd, Secure Linux | 2025-04-03 | 7.5 HIGH | N/A |
|
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
|
|||||
| CVE-2004-0937 | 11 Archive Zip, Broadcom, Ca and 8 more | 23 Archive Zip, Brightstor Arcserve Backup, Etrust Antivirus and 20 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
|
|||||
| CVE-2000-0362 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.
|
|||||