Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1094 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.2 HIGH | N/A |
|
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.
|
|||||
| CVE-2005-1288 | 1 Asp Press | 1 Acs Blog | 2025-04-03 | 7.5 HIGH | N/A |
|
inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie.
|
|||||
| CVE-2005-3491 | 1 Johannes F. Kuhlmann | 1 Flatfrag | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in the receiver function in loop.c in FlatFrag 0.3 and earlier allow remote attackers to execute arbitrary code via the (1) version, (2) name, and (3) model fields.
|
|||||
| CVE-2005-1989 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".
|
|||||
| CVE-2005-1055 | 1 Towerblog | 1 Towerblog | 2025-04-03 | 7.5 HIGH | N/A |
|
TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file.
|
|||||
| CVE-2006-2557 | 1 Florian Amrhein | 1 Newsportal | 2025-04-03 | 6.4 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.
|
|||||
| CVE-2000-0482 | 1 Checkpoint | 1 Firewall-1 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets.
|
|||||
| CVE-2006-4592 | 1 8pixel.net | 1 Simple Blog | 2025-04-03 | 7.5 HIGH | N/A |
|
Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via ">" characters in the id parameter, which are not filtered by the protection mechanism.
|
|||||
| CVE-2006-3716 | 1 Oracle | 1 E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS01 for Internet Expenses; (2) APPS02, (3) APPS05, (4) APPS06, (5) APPS07, (6) APPS08, (7) APPS09, and (8) APPS10 for Oracle Application Object Library; (9) APPS11, (10) APPS12, and (11) APPS13 for Oracle Applications Technology Stack; (12) APPS14 for Oracle Call Center Technology; (13) APPS15 for Oracle Common Applications; (14) APPS18 for O ...
|
|||||
| CVE-2006-2915 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.
|
|||||
| CVE-2005-0996 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function.
|
|||||
| CVE-2006-3482 | 1 Phpmaillist | 1 Phpmaillist | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter.
|
|||||
| CVE-2004-1413 | 1 Kayako | 1 Esupport | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22 parameters to index.php, or (6) the e-mail field of the Forgot Key feature.
|
|||||
| CVE-2006-3370 | 1 Bb-news | 1 Blueboy | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
|
|||||
| CVE-2005-1113 | 1 Phpbb Group | 1 Phpbb Plus | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php.
|
|||||
| CVE-2005-2829 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."
|
|||||
| CVE-2005-1897 | 1 Flexcast | 1 Flexcast Audio Video Streaming Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors.
|
|||||
| CVE-2000-0295 | 1 Lcdproc | 1 Lcdproc | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command.
|
|||||
| CVE-1999-0703 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2025-04-03 | 3.6 LOW | N/A |
|
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
|
|||||
| CVE-2006-1574 | 1 Hitachi | 4 Groupmax World Wide Web, Groupmax World Wide Web Desktop, Groupmax World Wide Web Desktop Scheduler and 1 more | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
|
|||||
| CVE-1999-1476 | 1 Intel | 2 Pentium, Pentuim | 2025-04-03 | 2.1 LOW | N/A |
|
A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.
|
|||||
| CVE-2006-0040 | 1 Gnome | 1 Evolution | 2025-04-03 | 5.0 MEDIUM | N/A |
|
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.
|
|||||
| CVE-1999-0579 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
|
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
|
|||||
| CVE-2002-0619 | 1 Microsoft | 1 Office | 2025-04-03 | 7.5 HIGH | N/A |
|
The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
|
|||||
| CVE-2006-3670 | 1 Rabox | 1 Winlpd | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to execute arbitrary code via a long string in a request to TCP port 515.
|
|||||
| CVE-2006-0401 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.
|
|||||
| CVE-2005-3212 | 1 Eset Software | 1 Nod32 Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple interpretation error in unspecified versions of NOD32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
|
|||||
| CVE-2006-0226 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 10.0 HIGH | N/A |
|
Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames.
|
|||||
| CVE-2006-3729 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-03 | 2.6 LOW | N/A |
|
DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference.
|
|||||
| CVE-2005-4291 | 1 Ectools | 1 Ectools Onlineshop | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Onlineshop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) product, (2) category, and (3) uid parameters.
|
|||||
| CVE-2004-1374 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges.
|
|||||
| CVE-2006-0988 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Nt | 2025-04-03 | 7.8 HIGH | N/A |
|
The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
|
|||||
| CVE-2005-3481 | 1 Cisco | 1 Ios | 2025-04-03 | 9.3 HIGH | N/A |
|
Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed.
|
|||||
| CVE-2005-2868 | 1 Ziptorrent | 1 Ziptorrent | 2025-04-03 | 2.1 LOW | N/A |
|
ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the pref.txt file, which allows local users to obtain sensitive information such as proxy server information and passwords.
|
|||||
| CVE-2006-3391 | 1 Imbc | 1 Imbccontents Activex Control | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The Execute function in iMBCContents ActiveX Control before 2.0.0.59 allows remote attackers to execute arbitrary files via the file URI handler.
|
|||||
| CVE-2006-0130 | 1 Rockliffe | 1 Mailsite | 2025-04-03 | 7.5 HIGH | N/A |
|
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account.
|
|||||
| CVE-2005-4799 | 1 Yapig | 1 Yapig | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the img_size field in view.php. NOTE: due to lack of details from the researcher, it is not clear whether the comment vector overlaps CVE-2005-1886.
|
|||||
| CVE-2001-1499 | 1 Checkpoint | 1 Vpn-1 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.
|
|||||
| CVE-2006-4366 | 1 Redblog | 1 Redblog | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2002-1672 | 1 Webmin | 1 Webmin | 2025-04-03 | 2.1 LOW | N/A |
|
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.
|
|||||