Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-4065 | 1 Dmitry Sheiko | 1 Sapid Gallery | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_calendar.inc.php or the (2) GLOBALS[root_path] parameter to (b) usr/extensions/get_tree.inc.php. |
| CVE-2000-0870 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string. |
| CVE-2005-4306 | 1 Focalmedia.net | 1 Sitenet Bbs | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pg, (2) tid, (3) cid, and (4) fid parameters to netboardr.cgi, or (5) cid parameter to search.cgi. |
| CVE-2006-4012 | 1 Savewebportal | 1 Savewebportal | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687. |
| CVE-2001-0709 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A | Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. |
| CVE-1999-0155 | 1 Aladdin Enterprises | 1 Ghostscript | 2025-04-03 | 7.5 HIGH | N/A | The ghostscript command with the -dSAFER option allows remote attackers to execute commands. |
| CVE-2005-0085 | 4 Htdig, Mandrakesoft, Redhat and 1 more | 5 Htdig, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. |
| CVE-2005-1510 | 1 Pwsphp | 1 Pwsphp | 2025-04-03 | 7.5 HIGH | N/A | PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message. |
| CVE-2004-2194 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-03 | 5.0 MEDIUM | N/A | MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands. |
| CVE-2005-1780 | 1 Dotnetindex | 1 Active News Manager | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password. |
| CVE-2006-3882 | 1 Musicbox | 1 Musicbox | 2025-04-03 | 5.0 MEDIUM | N/A | Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. |
| CVE-2000-0270 | 1 Gnu | 1 Emacs | 2025-04-03 | 3.6 LOW | N/A | The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack. |
| CVE-1999-0828 | 1 Sco | 1 Unixware | 2025-04-03 | 3.6 LOW | N/A | UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission. |
| CVE-2000-0392 | 3 Cygnus, Mit, Redhat | 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. |
| CVE-2006-0788 | 1 Kyocera | 1 Fs-3830n | 2025-04-03 | 5.0 MEDIUM | N/A | Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to TCP port 9100 or (2) the UNIX lp command. |
| CVE-2005-2536 | 1 Pstotext | 1 Pstotext | 2025-04-03 | 7.5 HIGH | N/A | pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file. |
| CVE-2002-1186 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A | Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure." |
| CVE-2002-1827 | 1 Sendmail | 1 Sendmail | 2025-04-03 | 2.1 LOW | N/A | Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files. |
| CVE-2005-0107 | 1 Debian | 1 Bsmtpd | 2025-04-03 | 7.5 HIGH | N/A | bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, which allows remote attackers to execute arbitrary commands. |
| CVE-1999-0370 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A | In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files. |
| CVE-2002-0899 | 1 Blueface | 1 Falcon Web Server | 2025-04-03 | 7.5 HIGH | N/A | Falcon web server 2.0.0.1021 and earlier allows remote attackers to bypass access restrictions for protected files via a URL whose directory portion ends in a . (dot). |
| CVE-2002-0966 | 1 Aci | 1 4d Webserver | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in 4D web server 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request. |
| CVE-2005-3339 | 1 Mantis | 1 Mantis | 2025-04-03 | 7.2 HIGH | N/A | Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors. |
| CVE-2006-2321 | 1 Ideal Science | 1 Idealbb | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2207. |
| CVE-2006-2349 | 1 Oasyssoft | 1 E-business Designer | 2025-04-03 | 6.8 MEDIUM | N/A | E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to upload or modify arbitrary files, and execute arbitrary code, via a direct request to (1) common/html_editor/image_browser.upload.html, (2) common/html_editor/image_browser.html, or (3) common/html_editor/html_editor.html. NOTE: this can also be used for cross-site scripting (XSS) attacks by uploading cascading style sheet (.CSS) files. |
| CVE-2002-0314 | 3 Fasttrack, Grokster, Music City Networks | 3 Kazaa, Grokster, Morpheus | 2025-04-03 | 5.0 MEDIUM | N/A | fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up new windows per message. |
| CVE-2003-1132 | 1 Cisco | 2 Content Services Switch 11000, Content Services Switch 11500 | 2025-04-03 | 5.0 MEDIUM | N/A | The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server. |
| CVE-1999-1355 | 1 Compaq | 2 Insight Management Agent, Management Agents For Servers | 2025-04-03 | 7.5 HIGH | N/A | BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges. |
| CVE-2006-0245 | 1 Devellion | 1 Cubecart | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152. |
| CVE-2006-3787 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | 2.1 LOW | N/A | kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread. |
| CVE-2006-4419 | 1 Promanager | 1 Promanager | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter. |
| CVE-2004-0716 | 1 Hp | 1 Hp-ux | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data. |
| CVE-2004-2603 | 1 Ubertec | 1 Help Center Live | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php. |
| CVE-2005-4630 | 1 Clientexec | 1 Clientexec | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid, (2) billdetailid, (3) fuse, and (4) frmClientID parameters. |
| CVE-2001-0082 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 7.5 HIGH | N/A | Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets. |
| CVE-2003-0692 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A | KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. |
| CVE-2005-1777 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. |
| CVE-2002-0886 | 1 Cisco | 1 Cbos | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco DSL CPE devices running CBOS 2.4.4 and earlier allow remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE, which causes the TCP/IP stack to consume large amounts of memory. |
| CVE-2006-1346 | 1 Greg Neustaetter | 1 Gcards | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php. |
| CVE-2005-1924 | 1 Squirrelmail | 1 Gpg Plugin | 2025-04-03 | 9.3 HIGH | N/A | The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636. |