Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-1955 | 1 Singapore | 1 Singapore | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. |
| CVE-1999-0033 | 5 Ibm, Ncr, Sco and 2 more | 7 Aix, Mp-ras, Open Desktop and 4 more | 2025-04-03 | 7.2 HIGH | N/A | Command execution in Sun systems via buffer overflow in the at program. |
| CVE-2003-0089 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify. |
| CVE-2006-0958 | 1 Zoneo-soft | 1 Freeforum | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters. |
| CVE-2006-4973 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter. |
| CVE-2002-2195 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response. |
| CVE-2005-3723 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2025-04-03 | 7.5 HIGH | N/A | Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service. |
| CVE-2001-0595 | 1 Sun | 1 Sunos | 2025-04-03 | 4.6 MEDIUM | N/A | Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program. |
| CVE-2002-2281 | 1 Symantec | 1 Java | 2025-04-03 | 10.0 HIGH | N/A | Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4.0 through 4.8 allows remote attackers to execute arbitrary Java commands via an applet that uses a jump call, which is not correctly compiled by the JIT compiler. |
| CVE-2001-0232 | 1 Ibrow | 1 News Desk | 2025-04-03 | 5.0 MEDIUM | N/A | newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via shell metacharacters. |
| CVE-2005-4278 | 1 Larry Wall | 1 Perl | 2025-04-03 | 7.2 HIGH | N/A | Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. |
| CVE-2006-3337 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. |
| CVE-2006-3799 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 7.5 HIGH | N/A | DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT." |
| CVE-2004-2560 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-03 | 7.5 HIGH | N/A | DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate extension such as ".php" or ".cgi". |
| CVE-2006-3510 | 1 Microsoft | 1 Ie | 2025-04-03 | 2.6 LOW | N/A | The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read. |
| CVE-2006-4500 | 1 Ztml | 1 Ezportal Ztml Cms | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters. |
| CVE-2006-4772 | 1 Hotplug Cms | 1 Hotplug Cms | 2025-04-03 | 5.0 MEDIUM | N/A | HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc. |
| CVE-2002-0295 | 1 Alcatel-lucent | 1 Omnipcx | 2025-04-03 | 4.6 MEDIUM | N/A | Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges. |
| CVE-2000-0836 | 1 Broadgun Software | 1 Camshot Webcam | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to execute arbitrary commands via a long Authorization header. |
| CVE-2005-2448 | 1 Ekg | 1 Ekg | 2025-04-03 | 5.0 MEDIUM | N/A | Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems. |
| CVE-1999-1548 | 1 Cabletron | 1 Smartswitch Router 8000 Firmware | 2025-04-03 | 5.0 MEDIUM | N/A | Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 200 ARP requests per second allowing a denial of service attack to succeed with a flood of ARP requests exceeding that limit. |
| CVE-2003-0676 | 1 Sun | 2 Iplanet Directory Server, One Directory Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences. |
| CVE-2005-4795 | 1 Sun | 1 Sunos | 2025-04-03 | 7.2 HIGH | N/A | Unspecified vulnerability in the multi-language environment library (libmle) in Solaris 7 and 8, as shipped with the Japanese locale, allows local users to gain privileges via unknown attack vectors. |
| CVE-2005-3080 | 1 Geshi | 1 Geshi | 2025-04-03 | 5.0 MEDIUM | N/A | contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set. |
| CVE-2004-1652 | 1 Brickhost | 1 Phpscheduleit | 2025-04-03 | 7.5 HIGH | N/A | phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges. |
| CVE-2005-3690 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delete, (4) rename, (5) subscribe, or (6) unsubscribe commands. |
| CVE-2006-1599 | 1 V-creator.com | 1 V-creator | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3, when the VC_CRYPTO_METHOD option is OPENSSL, allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions. |
| CVE-2001-1482 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable. |
| CVE-2004-1518 | 1 Phorum | 1 Phorum | 2025-04-03 | 4.6 MEDIUM | N/A | SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter. |
| CVE-2005-0743 | 1 Xoops | 1 Xoops | 2025-04-03 | 7.5 HIGH | N/A | The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered. |
| CVE-2004-0426 | 1 Andrew Tridgell | 1 Rsync | 2025-04-03 | 5.0 MEDIUM | N/A | rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path. |
| CVE-2006-2300 | 1 Keyvan1 | 1 Eimagepro | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp. |
| CVE-2005-0436 | 1 Awstats | 1 Awstats | 2025-04-03 | 7.5 HIGH | N/A | Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter. |
| CVE-2006-2448 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.6 MEDIUM | N/A | Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c). |
| CVE-1999-0207 | 1 Great Circle Associates | 1 Majordomo | 2025-04-03 | 7.5 HIGH | N/A | Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command. |
| CVE-2006-3386 | 1 Vincent Leclercq | 1 News | 2025-04-03 | 5.0 MEDIUM | N/A | index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values. |
| CVE-2003-1312 | 1 Netegrity | 1 Siteminder | 2025-04-03 | 4.3 MEDIUM | N/A | siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods. |
| CVE-2002-1438 | 1 Novell | 1 Netware | 2025-04-03 | 5.0 MEDIUM | N/A | The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option. |
| CVE-2005-0745 | 1 Utstarcom | 1 Ian-02ex Voip Ata | 2025-04-03 | 4.6 MEDIUM | N/A | UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local users to bypass ATA access restrictions by dialing "*#26845#" and causing a device reset. |
| CVE-2002-0348 | 1 Sun | 3 Cobalt Raq 2, Cobalt Raq 3i, Cobalt Raq 4 | 2025-04-03 | 7.5 HIGH | N/A | service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument. |