Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2001-0626 | 1 Oreilly | 1 Website Professional | 2025-04-03 | 7.5 HIGH | N/A | O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character. |
| CVE-2004-2190 | 1 Unzoo | 1 Unzoo | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors. |
| CVE-2005-2149 | 1 The Cacti Group | 1 Cacti | 2025-04-03 | 10.0 HIGH | N/A | config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. |
| CVE-2005-2112 | 1 Xoops | 1 Xoops | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. |
| CVE-2005-1104 | 1 Centra | 1 Centra | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name fields. |
| CVE-2004-0086 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085. |
| CVE-2000-0329 | 1 Microsoft | 4 Ie, Internet Explorer, Outlook and 1 more | 2025-04-03 | 5.1 MEDIUM | N/A | A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. |
| CVE-2006-0657 | 1 Softcomplex | 1 Php Event Calendar | 2025-04-03 | 3.5 LOW | N/A | Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS. |
| CVE-2005-2567 | 1 Syscp Team | 1 Syscp | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter. |
| CVE-2004-1314 | 1 Apple | 1 Safari | 2025-04-03 | 7.5 HIGH | N/A | Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122. |
| CVE-2002-0951 | 1 Ruslan Communications | 1 Body Builder | 2025-04-03 | 10.0 HIGH | N/A | SQL injection vulnerability in Ruslan <Body>Builder allows remote attackers to gain administrative privileges via a "'--" sequence in the username and password. |
| CVE-2005-1053 | 1 Moderngigabyte | 1 Modernbill | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters. |
| CVE-2004-0088 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A | The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087. |
| CVE-2002-2197 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A | Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference. |
| CVE-2001-0049 | 1 Watchguard | 1 Soho Firewall | 2025-04-03 | 5.0 MEDIUM | N/A | WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to cause a denial of service via a large number of GET requests. |
| CVE-2005-1003 | 1 Profitcode | 1 Payprocart | 2025-04-03 | 7.5 HIGH | N/A | Directory traversal vulnerability in index.php for ProfitCode PayProCart 3.0 allows remote attackers to include arbitrary PHP files via .. (dot dot) sequences in the modID parameter. |
| CVE-2004-0321 | 1 Singularity Software | 1 Team Factor | 2025-04-03 | 5.0 MEDIUM | N/A | Team Factor 1.25 and earlier allows remote attackers to cause a denial of service (crash) via a packet that uses a negative number to specify the size of the data block that follows, which causes Team Factor to read unallocated memory. |
| CVE-2002-0141 | 1 Maelstrom | 1 Maelstrom Gpl | 2025-04-03 | 1.2 LOW | N/A | Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file. |
| CVE-2005-0878 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message). |
| CVE-2004-2078 | 1 Red-m | 1 Red-alert | 2025-04-03 | 5.0 MEDIUM | N/A | Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow. |
| CVE-2001-0220 | 2 Ja-elvis, Ko-helvis | 2 Ja-elvis, Ko-helvis | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local users to gain root privileges. |
| CVE-2000-0199 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 7.2 HIGH | N/A | When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. |
| CVE-1999-0106 | | | 2025-04-03 | 2.1 LOW | N/A | Finger redirection allows finger bombs. |
| CVE-2004-2221 | 1 Mercantec | 1 Softcart | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request. |
| CVE-2006-0640 | 1 Orbicule | 1 Undercover | 2025-04-03 | 2.1 LOW | N/A | Orbicule Undercover allows attackers with physical or root access to disable the protection by using the chmod command to change the permissions of the /private/etc/uc.app/Contents/MacOS/uc file, which prevents the service from being started in LaunchDaemon. |
| CVE-2006-4665 | 1 Mkportal | 1 Mkportal | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information. |
| CVE-2001-1268 | 1 Info-zip | 1 Unzip | 2025-04-03 | 2.1 LOW | N/A | Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. |
| CVE-2002-1119 | 1 Python | 1 Python | 2025-04-03 | 4.6 MEDIUM | N/A | os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack. |
| CVE-2005-0945 | 1 Asp Press | 1 Acs Blog | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags. |
| CVE-2005-1212 | 1 Microsoft | 7 Windows 2000, Windows 2000 Terminal Services, Windows 2003 Server and 4 more | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field. |
| CVE-2006-2503 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter. |
| CVE-2002-1392 | 1 Gert Doering | 1 Mgetty | 2025-04-03 | 2.1 LOW | N/A | faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges. |
| CVE-2006-3861 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-03 | 4.0 MEDIUM | N/A | IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases. |
| CVE-2004-2136 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A | dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. |
| CVE-2003-0328 | 1 Epic | 1 Epic4 | 2025-04-03 | 7.5 HIGH | N/A | EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation. |
| CVE-2005-3245 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A | Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the "Dissect unknown RPC program numbers" option is enabled, allows remote attackers to cause a denial of service (memory consumption). |
| CVE-2006-4189 | 1 Boonex | 1 Dolphin | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts. |
| CVE-2005-3963 | 1 Dotclear | 1 Dotclear | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie. |
| CVE-2004-2046 | 1 Apc | 1 Powerchute | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors. |
| CVE-2002-2017 | 1 Sas | 2 Base, Integration Technologies | 2025-04-03 | 10.0 HIGH | N/A | sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd. |