Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4045 | 1 Torbstoff | 1 Torbstoff News | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter.
| CVE-2004-1681 | 1 Qnx | 2 Photon Microgui, Rtp | 2025-04-03 | 7.2 HIGH | N/A |
Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.
| CVE-2006-3071 | 1 Anton Belev | 1 Mp3 Search Archive | 2025-04-03 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter.
| CVE-2005-2212 | 1 Sukria | 1 Backup Manager | 2025-04-03 | 6.4 MEDIUM | N/A |
Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository.
| CVE-2006-0471 | 1 My Little Homepage | 1 My Little Forum | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary JavaScript via a javascript URI in BBcode link tags.
| CVE-2006-1409 | 1 Vavoom | 1 Vavoom | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (application crash) via an invalid comprLength value in a compressed packet.
| CVE-2000-0582 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 5.0 MEDIUM | N/A |
Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy.
| CVE-1999-1242 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges.
| CVE-2002-2131 | 1 Perl-httpd | 1 Perl-httpd | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument.
| CVE-2003-0432 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 10.0 HIGH | N/A |
Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.
| CVE-2001-0735 | 1 Infodrom | 1 Cfingerd | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
| CVE-2005-0674 | 1 Php Arena | 1 Pabox | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.
| CVE-2005-4425 | 1 Kerio | 1 Winroute Firewall | 2025-04-03 | 7.8 HIGH | N/A |
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams.
| CVE-2004-0011 | 1 Debian | 1 Fsp | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code.
| CVE-2004-2299 | 1 Omnicron | 1 Omnihttpd | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header.
| CVE-2006-1718 | 1 Clever Copy | 1 Clever Copy | 2025-04-03 | 5.0 MEDIUM | N/A |
Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc.
| CVE-2005-3595 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer.
| CVE-2004-2275 | 1 I-mall Commerce | 1 I-mall.cgi | 2025-04-03 | 10.0 HIGH | N/A |
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters in the p parameter.
| CVE-2002-1780 | 1 Alcatech Gmbh | 1 Bpm Studio Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a remote attacker to cause a denial of service (crash) by sending a URL request for a MS-DOS device such as con. NOTE: it has been disputed that this and possibly other application-level DOS device issues stem from a bug in Windows, and as such, such applications should not be considered vulnerable themselves.
| CVE-2005-1077 | 1 Xampp | 1 Apache Distribution | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php.
| CVE-2004-1717 | 1 Gv | 1 Gv | 2025-04-03 | 7.5 HIGH | N/A |
Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a PostScript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.
| CVE-2006-2575 | 1 Pyrosoft Inc | 1 Netpanzer | 2025-04-03 | 5.0 MEDIUM | N/A |
The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error.
| CVE-2005-0841 | 1 Phpmyfamily | 1 Phpmyfamily | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in (1) people.php, (2) track.php, (3) edit.php, (4) document.php, (5) census.php, (6) passthru.php and possibly other php files in phpMyFamily 1.4.0 allows remote attackers to execute arbitrary SQL commands, as demonstrated via (1) the person parameter to people.php or (2) the Login field.
| CVE-2006-0421 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.6 MEDIUM | N/A |
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allow administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.
| CVE-1999-0732 | 1 Debian | 1 Debian Linux | 2025-04-03 | 2.1 LOW | N/A |
The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.
| CVE-2004-1135 | 1 Ipswitch | 1 Ws Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.
| CVE-2005-1366 | 1 Pico Server | 1 Pico Server | 2025-04-03 | 7.5 HIGH | N/A |
Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL.
| CVE-2006-0296 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-03 | 5.0 MEDIUM | N/A |
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary JavaScript by injecting RDF data into the user's localstore.rdf file.
| CVE-2005-4356 | 1 Xmpie | 1 Ustore | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2002-0706 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2025-04-03 | 7.5 HIGH | N/A |
UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a JavaScript function.
| CVE-2006-2421 | 1 Pragma Systems | 1 Fortressssh | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remote attackers to execute arbitrary code via long SSH_MSG_KEXINIT messages, which may cause an overflow when being logged. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| CVE-2000-0974 | 1 Gnu | 1 Privacy Guard | 2025-04-03 | 7.5 HIGH | N/A |
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
| CVE-2003-0070 | 2 Gnome, Nalin Dahyabhai | 2 Gnome-terminal, Vte | 2025-04-03 | 6.8 MEDIUM | N/A |
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
| CVE-2006-1030 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path.
| CVE-2002-2161 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to cause a denial of service (hang and CPU consumption) via a SYN packet flood.
| CVE-2000-1108 | 1 Midnight Commander | 1 Midnight Commander | 2025-04-03 | 4.6 MEDIUM | N/A |
cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.
| CVE-1999-0119 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
Windows NT 4.0 beta allows users to read and delete shares.
| CVE-1999-0055 | 2 Ibm, Sun | 3 Aix, Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflows in Sun libnsl allow root access.
| CVE-2001-0446 | 1 Ibm | 1 Websphere Commerce Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
| CVE-2002-0307 | 1 Avengers News System | 1 Avengers News System | 2025-04-03 | 7.5 HIGH | N/A |
Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the line using Perl's eval function.