Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2002-2090 | 1 Caucho Technology | 1 Resin | 2025-04-03 | 5.0 MEDIUM | N/A | Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp. |
| CVE-2006-0783 | 1 Siteframe | 1 Siteframe Beaumont | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in page.php in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment). |
| CVE-2005-2295 | 1 Pyrosoft Inc | 1 Netpanzer | 2025-04-03 | 5.0 MEDIUM | N/A | NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a packet with a zero datablock size. |
| CVE-2004-1671 | 1 Icewarp | 1 Web Mail | 2025-04-03 | 5.0 MEDIUM | N/A | Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html. |
| CVE-2006-4861 | 1 Mohammed Mehdi Panjwani | 1 Complain Center | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp. |
| CVE-2004-2458 | 1 Open Webmail | 1 Open Webmail | 2025-04-03 | 5.0 MEDIUM | N/A | Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories. |
| CVE-2004-1946 | 1 Cherokee | 1 Cherokee Httpd | 2025-04-03 | 4.6 MEDIUM | N/A | Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability. |
| CVE-2004-0258 | 1 Realnetworks | 4 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player and 1 more | 2025-04-03 | 7.6 HIGH | N/A | Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files. |
| CVE-2006-1190 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 10.0 HIGH | N/A | Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code. |
| CVE-1999-1444 | 1 Computer Software Manufaktur | 1 Alibaba | 2025-04-03 | 5.0 MEDIUM | N/A | genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent of 1, which results in transactions that are sent in cleartext. |
| CVE-2002-1522 | 1 Cooolsoft | 1 Powerftp | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument. |
| CVE-2006-4905 | 1 Artmedic Webdesign | 1 Artmedic Links | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function. |
| CVE-1999-1154 | 1 Lakeweb | 1 Filemail Cgi Script | 2025-04-03 | 7.5 HIGH | N/A | LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address. |
| CVE-2005-2738 | 1 Sun | 1 Java | 2025-04-03 | 5.0 MEDIUM | N/A | Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program. |
| CVE-2006-3113 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 7.5 HIGH | N/A | Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption. |
| CVE-2006-4961 | 1 Blue Dragon | 1 Php Blue Dragon | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php. |
| CVE-2005-3549 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 6.5 MEDIUM | N/A | Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now". |
| CVE-2001-0254 | 1 Fastream | 1 Ftp\+\+ Server | 2025-04-03 | 5.0 MEDIUM | N/A | FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real pathname of the server via the "pwd" command. |
| CVE-1999-0313 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A | disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. |
| CVE-2002-1524 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. |
| CVE-2003-0967 | 1 Freeradius | 1 Freeradius | 2025-04-03 | 5.0 MEDIUM | N/A | rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute. |
| CVE-2004-1311 | 1 Mplayer | 1 Mplayer | 2025-04-03 | 10.0 HIGH | N/A | Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based buffer overflow. |
| CVE-2006-1403 | 1 Csdoom | 1 Csdoom 2005 | 2025-04-03 | 7.8 HIGH | N/A | Format string vulnerability in the PrintString function in c_console.cpp in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via format string specifiers in strings passed to the console. |
| CVE-1999-1254 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables. |
| CVE-2003-0491 | 1 Mytutorials | 1 Tutorials | 2025-04-03 | 7.5 HIGH | N/A | The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file. |
| CVE-2006-1645 | 1 Reloadcms | 1 Reloadcms | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel. |
| CVE-2006-0626 | 1 Spip | 1 Spip | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter. |
| CVE-2001-0277 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. |
| CVE-2004-0712 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.6 MEDIUM | N/A | The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges. |
| CVE-2006-4955 | 1 Neosys | 1 Neon Webmail | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters. |
| CVE-2004-1837 | 1 Joel Palmius | 1 Mod Survey | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via certain survey fields or error messages for malformed query strings. |
| CVE-2006-2037 | 1 Thwboard | 1 Thwboard | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter. |
| CVE-2006-3114 | 1 Pc Tools | 1 Pc Tools Antivirus | 2025-04-03 | 4.6 MEDIUM | N/A | PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands. |
| CVE-2002-0290 | 1 Netwin | 1 Webnews | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument. |
| CVE-2006-2550 | 1 Perlpodder | 1 Perlpodder | 2025-04-03 | 5.1 MEDIUM | N/A | perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. NOTE: the wget vector is already covered by CVE-2006-2548. |
| CVE-2005-2283 | 1 Esi Products | 1 Webeoc | 2025-04-03 | 2.1 LOW | N/A | WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file. |
| CVE-2006-4877 | 1 David Bennett | 1 Php-post | 2025-04-03 | 5.0 MEDIUM | N/A | Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php. |
| CVE-1999-1490 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A | xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable. |
| CVE-2005-0506 | 1 Avaya | 2 Ip Office Phone Manager, Ip Soft Phone | 2025-04-03 | 5.0 MEDIUM | N/A | The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic. |
| CVE-2006-3542 | 1 Boxcar Media | 1 Shopping Cart | 2025-04-03 | 5.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown Shopping Cart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) shop name field in (a) editshop.php, (b) edititem.php, and (c) index.php; and via the (2) item field in editshop.php and edititem.php. |