Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1577 | 1 Mantis | 1 Mantis | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
|
|||||
| CVE-2006-3298 | 1 Yahoo | 1 Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll.
|
|||||
| CVE-2001-0091 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
|
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.
|
|||||
| CVE-2000-0850 | 1 Netegrity | 1 Siteminder | 2025-04-03 | 7.5 HIGH | N/A |
|
Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.
|
|||||
| CVE-2006-0503 | 1 Mailenable | 1 Mailenable Professional | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command.
|
|||||
| CVE-2003-1134 | 1 Sun | 1 Java | 2025-04-03 | 2.1 LOW | N/A |
|
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
|
|||||
| CVE-2000-1194 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands.
|
|||||
| CVE-2003-1041 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
|
|||||
| CVE-1999-0118 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
AIX infod allows local users to gain root access through an X display.
|
|||||
| CVE-2006-2733 | 1 Mini-nuke | 1 Mini-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts.
|
|||||
| CVE-2006-0737 | 1 Estara | 1 Softphone | 2025-04-03 | 5.0 MEDIUM | N/A |
|
eStara SIP softphone allows remote attackers to cause a denial of service (crash) via a SIP OPTIONS request with a negative Expires field.
|
|||||
| CVE-2005-4775 | 1 Michael Scholz | 1 Contineo | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Michael Scholz and Sebastian Stein Contineo 2.0, when the admin account lacks an e-mail address attribute, displays the password hash in a warning upon page reload, which might allow remote attackers to view the hash.
|
|||||
| CVE-2006-3010 | 1 Aliacom | 1 Open Business Management | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php, and the (3) entity and (4) tf_dateafter parameter to company/company_index.php.
|
|||||
| CVE-2001-1344 | 1 Cgicentral | 2 Webstore 400, Webstore 400cs | 2025-04-03 | 7.5 HIGH | N/A |
|
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
|
|||||
| CVE-2005-3358 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic when a page fault occurs.
|
|||||
| CVE-1999-0283 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
The Java Web Server would allow remote users to obtain the source code for CGI programs.
|
|||||
| CVE-2006-4822 | 1 Emusoft | 1 Emucms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in eMuSOFT emuCMS 0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters.
|
|||||
| CVE-2006-1329 | 1 Jabberstudio | 1 Jabberd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza".
|
|||||
| CVE-2002-1925 | 1 Tiny Software | 1 Tiny Personal Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module.
|
|||||
| CVE-2006-3389 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
|
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information.
|
|||||
| CVE-2006-4115 | 1 E-zest Solutions | 1 Pgmarket | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter.
|
|||||
| CVE-2005-1721 | 1 Apple | 1 Afp Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the legacy client support for AFP Server for Mac OS X 10.4.1 allows attackers to execute arbitrary code.
|
|||||
| CVE-2006-1209 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.
|
|||||
| CVE-2006-3424 | 1 Webex Communications | 1 Webex Downloader Activex Control | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in WebEx Downloader ActiveX Control, possibly in versions before November 2005, allow remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2006-2256 | 1 Eqdkp | 1 Eqdkp | 2025-04-03 | 6.4 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter.
|
|||||
| CVE-1999-1519 | 1 Gene6 | 1 G6 Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of service (resource exhaustion) via a long (1) user name or (2) password.
|
|||||
| CVE-2002-1851 | 1 Ipswitch | 1 Ws Ftp Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors.
|
|||||
| CVE-2002-1940 | 1 Jacob Navia | 1 Lcc-win32 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application.
|
|||||
| CVE-2006-0469 | 1 Uebimiau | 1 Uebimiau | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.
|
|||||
| CVE-2002-0513 | 1 Symatec | 1 Popper Mod | 2025-04-03 | 10.0 HIGH | N/A |
|
The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
|
|||||
| CVE-2004-2484 | 1 Php Gift Registry | 1 Phpgiftreg | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter to (1) event.php or (2) index.php.
|
|||||
| CVE-2006-3363 | 1 Xoops | 1 Xoops Glossaire Module | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter.
|
|||||
| CVE-2005-3148 | 2 Storebackup, Suse | 2 Storebackup, Suse Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.
|
|||||
| CVE-2002-0618 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 7.5 HIGH | N/A |
|
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
|
|||||
| CVE-2004-1568 | 1 Parachat | 1 Parachat Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in ParaChat Server 5.5 allows remote attackers to read arbitrary files via a ..%5C (hex-encoded dot dot) in the URL.
|
|||||
| CVE-2004-1403 | 1 Sir | 1 Gnuboard | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code.
|
|||||
| CVE-2006-4825 | 1 Softcomplex | 1 Php Event Calendar | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters.
|
|||||
| CVE-2001-1578 | 1 Sco | 1 Openserver | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors.
|
|||||
| CVE-2006-3090 | 1 Phpmyfactures | 1 Phpmyfactures | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_pays parameter in (a) /pays/modifier_pays.php; (2) id_produit, (3) quantite, (4) prix_ht, and (5) date parameter in (b) /stocks/ajouter.php; (6) id_cat parameter in (c) /produits/modifier_cat.php; (7) id_client parameter in (d) /clients/modifier_client.php; (8) id_remise parameter in (e) /remises/index.p ...
Show More |
|||||
| CVE-2006-3842 | 1 Adventnet | 1 Zoho Virtual Office | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message.
|
|||||