Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1203 | 1 Phpcms | 1 Phpcms | 2025-04-03 | 5.0 MEDIUM | N/A |
parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path.
| CVE-2006-1514 | 1 Abcmidi | 1 Abcmidi | 2025-04-03 | 7.5 HIGH | N/A |
Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript.
| CVE-2005-2178 | 1 Probe.cgi | 1 Probe.cgi | 2025-04-03 | 7.5 HIGH | N/A |
probe.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the olddat parameter. NOTE: it is unclear which product or vendor this program is associated with, if any.
| CVE-2003-0045 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A |
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
| CVE-2000-0017 | 1 Redhat | 1 Linux | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.
| CVE-2005-2712 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 7.8 HIGH | N/A |
The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference.
| CVE-2005-0270 | 1 Photopost | 1 Reviewpost Php Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php.
| CVE-2005-3849 | 1 Pmwiki | 1 Pmwiki | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
| CVE-1999-1050 | 1 Matt Wright | 1 Formhandler.cgi | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template.
| CVE-2004-1153 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 10.0 HIGH | N/A |
Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title or (2) baseurl fields.
| CVE-2002-1679 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message.
| CVE-2005-1900 | 1 Sawmill | 1 Sawmill | 2025-04-03 | 7.5 HIGH | N/A |
Sawmill before 7.1.6 allows remote attackers to bypass authentication and (1) gain administrative privileges or (2) add a license.
| CVE-2002-2075 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.0 MEDIUM | N/A |
ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number.
| CVE-2005-1264 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
| CVE-2005-4042 | 1 Mr. Cgi Guy | 1 Warm Links | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to search.cgi.
| CVE-2005-0058 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
| CVE-2006-2794 | 1 Aspsitem | 1 Aspsitem | 2025-04-03 | 7.8 HIGH | N/A |
Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter.
| CVE-2002-2172 | 1 Shana | 2 Informed Designer, Informed Filler | 2025-04-03 | 2.1 LOW | N/A |
Informed (1) Designer and (2) Filler 3.05 does not zero out newly allocated disk blocks as an encrypted file grows in size, which may allow attackers to obtain sensitive information.
| CVE-2003-0083 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| CVE-2004-2463 | 1 Ada | 1 Imgsvr | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote attackers to cause a denial of service (web server crash) or execute arbitrary code via a long GET request.
| CVE-1999-0216 | 3 Gnu, Hp, Linux | 3 Inet, Hp-ux, Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
Denial of service of inetd on Linux through SYN and RST packets.
| CVE-2004-2652 | 1 Sourcefire | 1 Snort | 2025-04-03 | 7.8 HIGH | N/A |
The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.
| CVE-2005-1302 | 1 Swsoft | 1 Confixx | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field.
| CVE-2003-0442 | 2 Php, Redhat | 2 Php, Linux | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
| CVE-2001-0381 | 1 Pgp | 1 Openpgp | 2025-04-03 | 4.6 MEDIUM | N/A |
The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key.
| CVE-2006-0873 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.
| CVE-2004-0578 | 1 Qbik | 1 Wingate | 2025-04-03 | 5.0 MEDIUM | N/A |
WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory.
| CVE-2002-1063 | 1 T. Hauck | 1 Jana Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports.
| CVE-2000-0469 | 1 Selena Sol | 1 Webbanner | 2025-04-03 | 5.1 MEDIUM | N/A |
Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
| CVE-2004-2114 | 1 Internetnow | 1 Proxynow | 2025-04-03 | 10.0 HIGH | N/A |
Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL.
| CVE-2000-0643 | 1 Itafrica | 1 Webactive | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.
| CVE-1999-1493 | 1 Hp | 1 Apollo Domain Os | 2025-04-03 | 10.0 HIGH | N/A |
Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote attackers to gain root privileges via insecure system calls, (1) pad_$dm_cmd and (2) pad_$def_pfk().
| CVE-2001-0681 | 1 Qpc Software | 2 Qvt Net, Qvt Term | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a remote attacker to cause a denial of service via a long (1) username or (2) password.
| CVE-2003-0274 | 1 Cren | 1 Listproc | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value.
| CVE-2005-2737 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
| CVE-2004-0064 | 1 Suse | 1 Suse Linux | 2025-04-03 | 2.1 LOW | N/A |
The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory.
| CVE-2005-1393 | 1 Esri | 1 Arcinfo Workstation | 2025-04-03 | 4.6 MEDIUM | N/A |
Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 allow local users to execute arbitrary code via long command line arguments to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery.
| CVE-2006-3544 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run.
| CVE-2005-2590 | 1 Parlano | 1 Mindalign | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
| CVE-2006-2820 | 1 Hotwebscripts | 1 Weblog Oggi | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element.