Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-1664 | 1 Microsoft | 1 Asp.net | 2025-04-03 | 6.4 MEDIUM | N/A | The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties. |
| CVE-2005-2163 | 1 Autoindex | 1 Php Script | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| CVE-2004-2211 | 1 Alivesites | 1 Alivesites Forum | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp. |
| CVE-2000-0602 | 1 Kevin Lindsay | 1 Secure Locate | 2025-04-03 | 4.6 MEDIUM | N/A | Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environment variable. |
| CVE-2006-0717 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-03 | 5.0 MEDIUM | N/A | IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite. |
| CVE-2004-0908 | 1 Mozilla | 2 Mozilla, Thunderbird | 2025-04-03 | 4.0 MEDIUM | N/A | Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow untrusted JavaScript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins. |
| CVE-2001-1008 | 1 Sun | 2 Java Plug-in, Jre | 2025-04-03 | 7.5 HIGH | N/A | Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate. |
| CVE-2005-0907 | 1 Valdersoft | 1 Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, or (5) the searchTopCategoryID parameter to search_result.php. |
| CVE-2002-0964 | 1 Valve Software | 2 Half-life, Half-life Dedicated Server | 2025-04-03 | 5.0 MEDIUM | N/A | Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out. |
| CVE-2003-0535 | 1 Xblockout | 1 Xbl | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in xbl 1.0k and earlier allows local users to gain privileges via a long -display command line option. |
| CVE-2001-1265 | 1 Ibm | 1 Alphaworks Tftp Server | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack. |
| CVE-2005-3987 | 1 Tradesoft | 1 Tradesoft Cms | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote attackers to execute arbitrary SQL commands via unspecified attack vectors. |
| CVE-2003-0148 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-03 | 7.2 HIGH | N/A | The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell. |
| CVE-2004-1405 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 7.5 HIGH | N/A | MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code. |
| CVE-2003-1241 | 1 Levcgi.com | 1 Myguestbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters. |
| CVE-2002-1410 | 2 Ben Chivers, Easy Scripts Archive | 2 Ben Chivers Guestbook, Easy Guestbook | 2025-04-03 | 7.5 HIGH | N/A | Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi. |
| CVE-2001-1214 | 1 Marcus S. Xenakis | 1 Unix Manual | 2025-04-03 | 7.5 HIGH | N/A | manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters. |
| CVE-2004-2557 | 1 Netgear | 1 Wg602 | 2025-04-03 | 5.0 MEDIUM | N/A | NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. |
| CVE-2001-1232 | 1 Novell | 1 Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A | GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get". |
| CVE-2000-0050 | 1 Allaire | 1 Spectra | 2025-04-03 | 4.6 MEDIUM | N/A | The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs. |
| CVE-2005-1952 | 1 Pico Server | 1 Pico Server | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each .. (dot dot) sequence in the URL, which results in an incorrect directory depth count. |
| CVE-2004-2341 | 1 Isearch | 1 Isearch | 2025-04-03 | 7.5 HIGH | N/A | PHP file include injection vulnerability in isearch.inc.php for iSearch allows remote attackers to execute arbitrary code via the isearch_path parameter. |
| CVE-2006-3313 | 1 Netsoft | 1 Smartnet | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter. |
| CVE-2006-4878 | 1 David Bennett | 1 Php-post | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution by uploading and accessing an avatar file. |
| CVE-2004-0292 | 1 Karjasoft | 1 Sami Http Server | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. |
| CVE-2000-0146 | 1 Novell | 1 Groupwise | 2025-04-03 | 5.0 MEDIUM | N/A | The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet. |
| CVE-1999-0761 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in FreeBSD fts library routines allows local users to modify arbitrary files via the periodic program. |
| CVE-2006-2319 | 1 Ideal Science | 1 Idealbb | 2025-04-03 | 5.0 MEDIUM | N/A | Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename. |
| CVE-2006-0762 | 1 Winability | 1 Folder Guard | 2025-04-03 | 4.6 MEDIUM | N/A | WinAbility Folder Guard 4.11 allows local users to gain unauthorized access to certain capabilities of the application by renaming or moving the password file (FGuard.FGP), which disables the password requirement. |
| CVE-2005-0034 | 1 Isc | 1 Bind | 2025-04-03 | 4.3 MEDIUM | N/A | An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. |
| CVE-2001-0320 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 10.0 HIGH | N/A | bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allow remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument. |
| CVE-2006-2983 | 1 Enterprise Payroll Systems | 1 Enterprise Payroll Systems | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in cal.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2000-0628 | 1 Joshua Chamas | 1 Apache Asp | 2025-04-03 | 7.5 HIGH | N/A | The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files. |
| CVE-2001-0182 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 5.0 MEDIUM | N/A | FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources. |
| CVE-2004-2678 | 1 Hp | 1 Tru64 | 2025-04-03 | 5.1 MEDIUM | N/A | Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24), and 5.1A PK6(BL24), when using IPsec/IKE (Internet Key Exchange) with Certificates, allows remote attackers to gain privileges via unknown attack vectors. |
| CVE-2006-3998 | 1 Wowroster | 1 Wowroster | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter. |
| CVE-2004-0435 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 3.6 LOW | N/A | Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk. |
| CVE-2005-2605 | 1 Omnipilot Software | 1 Lasso Professional Server | 2025-04-03 | 6.4 MEDIUM | N/A | Unknown vulnerability in Lasso Professional Server 8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags. |
| CVE-2005-3993 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-03 | 7.8 HIGH | N/A | Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands. |
| CVE-2000-0177 | 1 Dnstools Software | 1 Dnstools | 2025-04-03 | 10.0 HIGH | N/A | DNSTools CGI applications allow remote attackers to execute arbitrary commands via shell metacharacters. |