Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0705 | 1 Surfcontrol | 2 Superscout Web Filter, Web Filter | 2025-04-03 | 7.5 HIGH | N/A |
|
The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords.
|
|||||
| CVE-2006-1706 | 1 Kansok Communications | 1 Shopweezle | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
|
|||||
| CVE-2006-0688 | 1 Nicecoder | 1 Indexu | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
|
|||||
| CVE-2006-4912 | 1 Php Docwriter | 1 Php Docwriter | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter.
|
|||||
| CVE-2005-0505 | 1 Stackworks Enterprises | 1 Information Resource Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have "potentially serious" impact, related to LDAP logins.
|
|||||
| CVE-2006-4833 | 1 Verso Netperformer | 1 Frame Relay Access Device Act | 2025-04-03 | 7.8 HIGH | N/A |
|
Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allow remote attackers to cause a denial of service (hang or reboot) via an ICMP packet with the same destination and source address and port, aka the "Land" vulnerability.
|
|||||
| CVE-2005-1849 | 1 Zlib | 1 Zlib | 2025-04-03 | 5.0 MEDIUM | N/A |
|
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
|
|||||
| CVE-2002-1884 | 1 Py-membres | 1 Py-membres | 2025-04-03 | 7.5 HIGH | N/A |
|
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin".
|
|||||
| CVE-2001-0157 | 1 Palm | 1 Palm Os | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled.
|
|||||
| CVE-2001-0851 | 3 Caldera, Linux, Suse | 7 Openlinux, Openlinux Edesktop, Openlinux Eserver and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
|
|||||
| CVE-2002-2214 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.
|
|||||
| CVE-2006-3053 | 1 Phorum | 1 Phorum | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor
|
|||||
| CVE-2005-2715 | 1 Symantec Veritas | 2 Netbackup Data And Business Center, Netbackup Enterprise Server Client | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command.
|
|||||
| CVE-2003-0291 | 1 3com | 1 3cp4144 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
|
|||||
| CVE-2005-1157 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2025-04-03 | 7.5 HIGH | N/A |
|
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
|
|||||
| CVE-2005-2017 | 1 Symantec | 1 Norton Antivirus | 2025-04-03 | 10.0 HIGH | N/A |
|
Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540.
|
|||||
| CVE-2006-0244 | 1 Phpxplorer | 1 Phpxplorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root
|
|||||
| CVE-2005-3762 | 1 Exponent | 1 Exponent | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter.
|
|||||
| CVE-2001-0453 | 1 Brs | 1 Webweaver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.
|
|||||
| CVE-2002-0335 | 1 Galacticomm Technologies | 2 Worldgroup, Worldgroup Lite Personal Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request.
|
|||||
| CVE-2006-1023 | 1 Hp | 1 System Management Homepage | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.
|
|||||
| CVE-2006-4350 | 1 Oneorzero | 1 Oneorzero | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2004-1687 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.
|
|||||
| CVE-2004-1058 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2025-04-03 | 1.2 LOW | N/A |
|
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.
|
|||||
| CVE-2004-2387 | 2 Denis Sbragion, Peter Astrand | 2 Sredird, Sercd | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2002-0802 | 1 Postgresql | 1 Postgresql | 2025-04-03 | 7.5 HIGH | N/A |
|
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.
|
|||||
| CVE-2002-0474 | 1 Zeroforum | 1 Zeroforum | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag.
|
|||||
| CVE-2005-0368 | 1 Chipmunk Scripts | 1 Cmscore | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in CMScore allow remote attackers to execute arbitrary SQL commands via the (1) EntryID or (2) searchterm parameter to index.php, or (3) username parameter to authenticate.php.
|
|||||
| CVE-2006-3013 | 1 Eschew.net | 1 Phpbannerexchange | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange.
|
|||||
| CVE-2004-1932 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter.
|
|||||
| CVE-2004-2227 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions.
|
|||||
| CVE-2006-1756 | 1 Matthew Dingley | 1 Md News | 2025-04-03 | 7.5 HIGH | N/A |
|
MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area.
|
|||||
| CVE-2000-0339 | 1 Zonelabs | 1 Zonealarm | 2025-04-03 | 7.5 HIGH | N/A |
|
ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules.
|
|||||
| CVE-2003-0631 | 1 Vmware | 2 Gsx Server, Workstation | 2025-04-03 | 7.2 HIGH | N/A |
|
VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.
|
|||||
| CVE-2006-3184 | 1 Asp Stats Generator | 1 Asp Stats Generator | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp.
|
|||||
| CVE-2005-1205 | 1 Microsoft | 1 Windows 2003 Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
|
|||||
| CVE-2003-1042 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.
|
|||||
| CVE-2000-0697 | 1 Sun | 1 Solaris Answerbook2 | 2025-04-03 | 10.0 HIGH | N/A |
|
The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters.
|
|||||
| CVE-2004-1264 | 1 Chbg | 1 Chbg | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to execute arbitrary code via a crafted chbg scenario file.
|
|||||
| CVE-2003-0125 | 1 Multitech | 1 Routefinder 550 Vpn | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value.
|
|||||