Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2191 | 1 Turbotraffictrader | 1 Turbotraffictrader Php | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) msg[0] or (2) siteurl parameters.
|
|||||
| CVE-1999-0925 | 1 Messagemedia | 1 Unitymail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
UnityMail allows remote attackers to conduct a denial of service via a large number of MIME headers.
|
|||||
| CVE-2002-0919 | 1 Cgiscript.net | 1 Cspassword | 2025-04-03 | 7.5 HIGH | N/A |
|
CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page.
|
|||||
| CVE-2004-0575 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
|
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
|
|||||
| CVE-2004-1599 | 1 Coolphp | 1 Coolphpweb Portal | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the (1) query or (2) nick parameters.
|
|||||
| CVE-2005-0020 | 2 Mandrakesoft, Playmidi | 3 Mandrake Linux, Mandrake Linux Corporate Server, Playmidi | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.
|
|||||
| CVE-2004-0068 | 1 Phpdig.net | 1 Phpdig | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.
|
|||||
| CVE-2006-0644 | 1 Cpg-nuke | 1 Dragonfly Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php.
|
|||||
| CVE-2005-3477 | 1 Invision Power Services | 1 Invision Gallery | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invis ...
Show More |
|||||
| CVE-2006-3649 | 1 Microsoft | 1 Visual Basic | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
|
|||||
| CVE-2004-1610 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2025-04-03 | 7.5 HIGH | N/A |
|
SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.
|
|||||
| CVE-2005-0968 | 1 Broadcom | 1 Etrust Intrusion Detection | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API.
|
|||||
| CVE-2006-4851 | 1 Bolinos | 1 Bolinos | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2005-1504 | 1 Gamespy | 1 Cd-key Validation System | 2025-04-03 | 5.0 MEDIUM | N/A |
|
GameSpy SDK CD-Key Validation Toolkit, as used by many online games, allows remote attackers to bypass the CD key validation by sending a spoofed \disc\ command, which tells the server the CD key is no longer in use.
|
|||||
| CVE-2002-0918 | 1 Cgiscript.net | 1 Cspassword | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CGIScript.net csPassword.cgi leaks sensitive information such as the pathname of the server in debug messages that are presented when the script fails, which allows remote attackers to obtain the information via a "remove" option in the command parameter, which generates an error.
|
|||||
| CVE-2002-0502 | 1 Citrix | 1 Nfuse | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.
|
|||||
| CVE-2005-1446 | 1 Sitepanel | 1 Sitepanel | 2025-04-03 | 7.5 HIGH | N/A |
|
SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket.
|
|||||
| CVE-2004-0235 | 8 Clearswift, F-secure, Rarlab and 5 more | 13 Mailsweeper, F-secure Anti-virus, F-secure For Firewalls and 10 more | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
|
|||||
| CVE-2003-0540 | 2 Conectiva, Wietse Venema | 2 Linux, Postfix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
|
|||||
| CVE-2003-0348 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 6.4 MEDIUM | N/A |
|
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.
|
|||||
| CVE-2006-1262 | 1 Aspportal | 1 Aspportal | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors.
|
|||||
| CVE-2006-1411 | 1 Xigla | 1 Absolute Image Gallery Xe | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the shownew parameter in gallery.asp and (2) unspecified search module parameters.
|
|||||
| CVE-2006-4719 | 1 Myabracadaweb | 1 Myabracadaweb | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php.
|
|||||
| CVE-2005-0584 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | N/A |
|
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
|
|||||
| CVE-2005-2030 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat.
|
|||||
| CVE-2005-2768 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length.
|
|||||
| CVE-2001-0245 | 1 Microsoft | 2 Index Server, Indexing Service | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
|
|||||
| CVE-2002-1977 | 1 Pgp | 1 Pgp | 2025-04-03 | 2.1 LOW | N/A |
|
Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase.
|
|||||
| CVE-2004-0807 | 5 Conectiva, Mandrakesoft, Samba and 2 more | 5 Linux, Mandrake Linux, Samba and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
|
|||||
| CVE-2003-0044 | 1 Apache | 1 Tomcat | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
|
|||||
| CVE-2002-0488 | 1 Linux Directory Penguin | 1 Linux Directory Penguin Traceroute | 2025-04-03 | 10.0 HIGH | N/A |
|
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.
|
|||||
| CVE-2003-0208 | 1 Macromedia | 1 Flash | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field.
|
|||||
| CVE-2003-1036 | 1 Sap | 1 Internet Transaction Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.
|
|||||
| CVE-2005-1970 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | 7.2 HIGH | N/A |
|
Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
|
|||||
| CVE-2002-1142 | 1 Microsoft | 3 Data Access Components, Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
|
|||||
| CVE-2005-1143 | 1 Easyphpcalendar | 1 Easyphpcalendar | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter.
|
|||||
| CVE-2006-1286 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2025-04-03 | 2.1 LOW | N/A |
|
Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database.
|
|||||
| CVE-2005-3299 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|
|||||
| CVE-2005-4424 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.
|
|||||
| CVE-2002-0326 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript.
|
|||||