Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3149 | 1 Phpmyforum | 1 Phpmyforum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
|
|||||
| CVE-2005-4176 | 1 Award | 1 Award Bios Modular | 2025-04-03 | 2.1 LOW | N/A |
|
AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
|
|||||
| CVE-2002-0311 | 1 Caldera | 2 Openunix, Unixware | 2025-04-03 | 10.0 HIGH | N/A |
|
Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) service_action.cgi.
|
|||||
| CVE-2005-0778 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif.
|
|||||
| CVE-2002-0540 | 1 Nortel | 1 Cvx 1800 Multi-service Access Switch | 2025-04-03 | 7.5 HIGH | N/A |
|
Nortel CVX 1800 is installed with a default "public" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration.
|
|||||
| CVE-2004-1142 | 7 Altlinux, Conectiva, Debian and 4 more | 9 Alt Linux, Linux, Debian Linux and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
|
|||||
| CVE-2001-0003 | 1 Microsoft | 4 Office, Windows 2000, Windows Me and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
|
|||||
| CVE-2000-0068 | 1 Intel | 1 Inbusiness Email Station | 2025-04-03 | 7.5 HIGH | N/A |
|
daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail.
|
|||||
| CVE-2002-1047 | 1 Watchguard | 1 Soho Firewall | 2025-04-03 | 7.5 HIGH | N/A |
|
The FTP service in Watchguard Soho Firewall 5.0.35a allows remote attackers to gain privileges with a correct password but an incorrect user name.
|
|||||
| CVE-2003-1063 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.5 HIGH | N/A |
|
The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.
|
|||||
| CVE-2004-1529 | 1 Rob Sutton | 1 Php-nuke Event Calendar | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments.
|
|||||
| CVE-2004-0602 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
|
The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.
|
|||||
| CVE-2005-1300 | 1 Inserter.cgi | 1 Inserter.cgi | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
|
|||||
| CVE-2006-2405 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.
|
|||||
| CVE-2005-1467 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors.
|
|||||
| CVE-2003-1308 | 1 Fvwm | 1 Fvwm | 2025-04-03 | 4.6 MEDIUM | N/A |
|
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
|
|||||
| CVE-1999-0571 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts.
|
|||||
| CVE-2005-2328 | 1 Laffer | 1 Laffer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attackers to execute arbitrary PHP code via the CFG_PATH variable.
|
|||||
| CVE-2005-2004 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php.
|
|||||
| CVE-2006-2156 | 1 X7 Group | 1 X7 Chat | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
|
|||||
| CVE-2004-0386 | 3 Gentoo, Mandrakesoft, Mplayer | 3 Linux, Mandrake Linux, Mplayer | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
|
|||||
| CVE-1999-1469 | 1 Hughes Technologies | 1 W3-auth | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in w3-auth CGI program in miniSQL package allows remote attackers to execute arbitrary commands via an HTTP request with (1) a long URL, or (2) a long User-Agent MIME header.
|
|||||
| CVE-2000-0747 | 1 Conectiva | 1 Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.
|
|||||
| CVE-2006-0763 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
|
|||||
| CVE-2006-4222 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123.
|
|||||
| CVE-2002-1902 | 1 Markus Triska | 1 Cgiforum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent.
|
|||||
| CVE-2002-0439 | 1 Caupo.net | 1 Cauposhop | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field.
|
|||||
| CVE-2005-3203 | 1 Oracle | 1 Html Db | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges.
|
|||||
| CVE-2002-0199 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.
|
|||||
| CVE-2003-0225 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.
|
|||||
| CVE-2005-2259 | 1 Usanet Creations | 6 Domain Name Auction, Makebid Auction Deluxe, Makebid Auction Standard and 3 more | 2025-04-03 | 10.0 HIGH | N/A |
|
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.
|
|||||
| CVE-2006-1603 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2005-1169 | 1 Mafia | 1 Mafia Blog | 2025-04-03 | 7.5 HIGH | N/A |
|
Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php.
|
|||||
| CVE-2002-1742 | 1 Paul Kulchenko | 1 Soap Lite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger.
|
|||||
| CVE-2006-1024 | 1 Addsoft | 1 Storebot | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2002-1388 | 1 Mhonarc | 1 Mhonarc | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.
|
|||||
| CVE-2003-0267 | 1 Bvrp Software | 1 Slwebmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file.
|
|||||
| CVE-2005-4043 | 1 Hobosworld | 1 Hobsr | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters.
|
|||||
| CVE-2003-1145 | 1 Openautoclassifieds | 1 Openautoclassifieds | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter.
|
|||||
| CVE-2005-1474 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933.
|
|||||