Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-4462 | 1 Tolva | 1 Tolva | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in the ROOT parameter. |
| CVE-2005-3689 | 1 Xmb Forum | 1 Xmb | 2025-04-03 | 5.0 MEDIUM | N/A | post.php in XMB 1.9.2 allows remote attackers to obtain the installation path via an invalid fid parameter in a newthread action. |
| CVE-2006-3374 | 1 Randshop | 1 Randshop | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter. |
| CVE-2001-0409 | 1 Vim Development Group | 1 Vim | 2025-04-03 | 2.1 LOW | N/A | vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. |
| CVE-2005-1332 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A | Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory. |
| CVE-2004-1027 | 3 Arjsoftware, Debian, Gentoo | 3 Unarj, Debian Linux, Linux | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences. |
| CVE-2000-1215 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 5.0 MEDIUM | N/A | The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information. |
| CVE-2002-0547 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag. |
| CVE-2002-1895 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A | The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN. |
| CVE-2000-0604 | 1 Redhat | 1 Linux | 2025-04-03 | 4.6 MEDIUM | N/A | gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp. |
| CVE-2004-1692 | 1 Mambo | 1 Mambo Open Source | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters. |
| CVE-2005-0281 | 1 Jowood Productions | 1 Soldner Secret Wars | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the web interface in Soldner Secret Wars 30830 allows remote attackers to inject arbitrary web script or HTML via a user message, which is not filtered or quoted when the administrator views the server logs. |
| CVE-2006-0825 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-03 | 7.5 HIGH | N/A | Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors. |
| CVE-2005-2264 | 1 Mozilla | 1 Firefox | 2025-04-03 | 7.5 HIGH | N/A | Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL. |
| CVE-2004-2100 | 1 Geovision | 1 Geohttpserver | 2025-04-03 | 5.0 MEDIUM | N/A | GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines). |
| CVE-2005-0603 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A | viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message. |
| CVE-2005-1737 | 1 Electricmonk | 1 Proms | 2025-04-03 | 7.5 HIGH | N/A | Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to (1) view or modify the project member list or (2) modify the todos list. |
| CVE-2004-2613 | 1 Vserver | 1 Linux-vserver | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc entries from a vserver context", a different vulnerability than CVE-2004-2408. |
| CVE-2005-0763 | 1 Midnight Commander | 1 Midnight Commander | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code. |
| CVE-2006-3511 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A | Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference. |
| CVE-2002-0517 | 1 Caldera | 2 Openunix, Unixware | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, UnixWare 7.1.1, and possibly other operating systems, allows local users to gain root privileges via a long -xrm argument to programs such as (1) dtterm or (2) xterm. |
| CVE-2005-0043 | 1 Apple | 1 Itunes | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. |
| CVE-2002-1907 | 1 Telcondex | 1 Simplewebserver | 2025-04-03 | 5.0 MEDIUM | N/A | TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. |
| CVE-2006-2250 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 6.4 MEDIUM | N/A | CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message. |
| CVE-2004-0577 | 1 Qbik | 1 Wingate | 2025-04-03 | 5.0 MEDIUM | N/A | WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory. |
| CVE-2005-1178 | 1 Oracle | 1 Forms | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature. |
| CVE-2006-0926 | 1 Smithmicro | 4 Stuffit Deluxe, Stuffit Expander, Stuffit Standard and 1 more | 2025-04-03 | 2.6 LOW | N/A | Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive. |
| CVE-1999-0781 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A | KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. |
| CVE-2004-2378 | 1 Calacode | 1 At Mail Webmail System | 2025-04-03 | 5.0 MEDIUM | N/A | @Mail 3.64 for Windows allows remote attackers to cause a denial of service ("unusable" server) via a large number of POP3 connections to the server. |
| CVE-2006-0643 | 1 Wiredred | 1 E Pop Web Conferencing | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference. |
| CVE-2005-0311 | 1 Ingate | 1 Ingate Firewall | 2025-04-03 | 4.6 MEDIUM | N/A | Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources. |
| CVE-2006-4967 | 1 Nextage | 1 Nextage Shopping Cart | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php. |
| CVE-2004-0802 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. |
| CVE-2005-4367 | 1 Fad Solutions | 1 Drzes Hms | 2025-04-03 | 5.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES) 3.3.4. |
| CVE-2006-3940 | 1 Phpbb Group | 1 Phpbb-auction | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error. |
| CVE-2006-2839 | 1 Webwork | 1 Webwork | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory. |
| CVE-2005-2449 | 1 Sandbox | 1 Sandbox | 2025-04-03 | 1.2 LOW | N/A | Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp. |
| CVE-1999-1268 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A | Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. |
| CVE-2002-1998 | 1 Sco | 2 Open Unix, Unixware | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows remote attackers to execute arbitrary commands via a long parameter to rtable_create (procedure 21). |
| CVE-2002-0650 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 5.0 MEDIUM | N/A | The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop. |