Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2001-0716 | 1 Citrix | 1 Metaframe | 2025-04-03 | 5.0 MEDIUM | N/A | Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server. |
| CVE-2005-1445 | 1 Sitepanel | 1 Sitepanel | 2025-04-03 | 6.4 MEDIUM | N/A | Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php. |
| CVE-2001-0857 | 1 Imp | 1 Webmail | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter. |
| CVE-2002-0217 | 1 Xoops | 1 Xoops | 2025-04-03 | 7.5 HIGH | N/A | Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php. |
| CVE-2001-0524 | 1 Eeye Digital Security | 1 Securells | 2025-04-03 | 7.5 HIGH | N/A | eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier. |
| CVE-2003-0499 | 1 Mantis | 1 Mantis | 2025-04-03 | 3.6 LOW | N/A | Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations. |
| CVE-1999-0939 | 1 Debian | 1 Debian Linux | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service in Debian IRC Epic/epic4 client via a long string. |
| CVE-2006-1106 | 1 Pixelpost | 1 Pixelpost | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue. |
| CVE-2005-4777 | 1 Tashcom | 1 Aspedit | 2025-04-03 | 4.9 MEDIUM | N/A | Tashcom ASPEdit 2.9 stores the administration password (aka the FTP password) in cleartext in the registry, which might allow local users to view the password. |
| CVE-2005-3016 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke before 7.9 Final have unknown impact and attack vectors. |
| CVE-2005-4482 | 1 Iatek | 1 Portalapp | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter. |
| CVE-1999-0936 | | | 2025-04-03 | 10.0 HIGH | N/A | BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters. |
| CVE-2006-3453 | 1 Adobe | 1 Acrobat | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF. |
| CVE-2004-2514 | 1 Powerportal | 1 Powerportal | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field. |
| CVE-2004-0584 | 1 Horde | 1 Imp | 2025-04-03 | 6.8 MEDIUM | N/A | Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. |
| CVE-1999-0566 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A | An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. |
| CVE-2006-0892 | 1 Nocc | 1 Nocc | 2025-04-03 | 7.5 HIGH | N/A | NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities. |
| CVE-2006-2265 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-1999-1290 | 1 Chris Matthee | 1 Nftp | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string. |
| CVE-2006-2354 | 1 Ipswitch | 1 Whatsup Professional | 2025-04-03 | 5.0 MEDIUM | N/A | NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-3493 | 1 Microsoft | 1 Office | 2025-04-03 | 5.1 MEDIUM | N/A | Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees. |
| CVE-2006-2285 | 1 Dokeos | 1 Open Source Learning And Knowledge Management Tool | 2025-04-03 | 5.1 MEDIUM | N/A | PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter. |
| CVE-2001-0151 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A | IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. |
| CVE-2005-2772 | 1 University Of Minnesota | 1 Gopher | 2025-04-03 | 7.5 HIGH | N/A | Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function. |
| CVE-2004-2028 | 1 E107 | 1 E107 | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. |
| CVE-2005-1166 | 1 Dameware Development | 2 Dameware Nt Utilities, Miniremote Control | 2025-04-03 | 2.1 LOW | N/A | The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information. |
| CVE-2006-1020 | 1 Johnny Vegas | 1 Vegas Forum | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter. |
| CVE-2006-0193 | 1 Positive Software | 1 H-sphere | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action. |
| CVE-2000-0010 | 1 Tony Greenwood | 1 Webwho\+ | 2025-04-03 | 10.0 HIGH | N/A | WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. |
| CVE-2003-0617 | 1 Hugo Rabson | 1 Mindi | 2025-04-03 | 4.6 MEDIUM | N/A | mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. |
| CVE-2003-0805 | 1 University Of Minnesota | 1 Gopherd | 2025-04-03 | 7.5 HIGH | N/A | Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type. |
| CVE-2006-1487 | 1 Activecampaign | 1 Supporttrio | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio 2.50.2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the KnowledgeBase search module. |
| CVE-2006-2881 | 1 Dreamcost | 1 Dreamaccount | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts. |
| CVE-2006-2393 | 1 Empire Server | 1 Empire Server | 2025-04-03 | 5.0 MEDIUM | N/A | The client_cmd function in Empire 4.3.2 and earlier allows remote attackers to cause a denial of service (application crash) by causing long text strings to be appended to the player->client buffer, which causes an invalid memory access. |
| CVE-2003-1027 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 10.0 HIGH | N/A | Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." |
| CVE-2003-0472 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A | The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a denial of service (hang) in inetd via port scanning. |
| CVE-2005-4359 | 1 Oodie | 1 Odfaq | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php. |
| CVE-2006-4708 | 1 Vikingboard | 1 Vikingboard | 2025-04-03 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the (1) act parameter in (a) help.php and (b) search.php, and the (2) p parameter in report.php. |
| CVE-1999-1059 | 1 Att | 1 Svr4 | 2025-04-03 | 10.0 HIGH | N/A | Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands. |
| CVE-2006-2844 | 1 Redaxo | 1 Redaxo | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php. |