Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2077 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter.
|
|||||
| CVE-2006-4267 | 1 Devellion | 1 Cubecart | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.
|
|||||
| CVE-2006-2763 | 1 Pre Projects | 1 Pre News Manager | 2025-04-03 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.
|
|||||
| CVE-2004-0471 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A |
|
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
|
|||||
| CVE-2003-0865 | 1 Mpg123 | 1 Mpg123 | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.
|
|||||
| CVE-2000-0800 | 1 Suse | 1 Suse Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to gain root privileges.
|
|||||
| CVE-2005-3909 | 1 Post Affiliate Pro | 1 Post Affiliate Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sortorder parameter.
|
|||||
| CVE-2006-2402 | 1 Outgun | 1 Outgun | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in the changeRegistration function in servernet.cpp for Outgun 1.0.3 bot 2 and earlier allows remote attackers to change the registration information of other players via a long string.
|
|||||
| CVE-1999-0362 | 1 Ipswitch | 1 Ws Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
WS_FTP server remote denial of service through cwd command.
|
|||||
| CVE-2002-0482 | 1 Newlog | 1 Netsupport Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
|
|||||
| CVE-2004-1735 | 1 Sympa | 1 Sympa | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.
|
|||||
| CVE-2004-2376 | 1 Twilight Utilities | 1 Twilight Utilities Web Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request with a long attfile attribute.
|
|||||
| CVE-2000-0185 | 1 Realnetworks | 2 Realserver, Realserver G2 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private.
|
|||||
| CVE-2005-0299 | 1 Gforge | 1 Gforge | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the (1) dir parameter to controller.php or (2) dir_name parameter to controlleroo.php.
|
|||||
| CVE-2004-1977 | 1 3com | 1 Webbngss3nbxnts | 2025-04-03 | 5.0 MEDIUM | N/A |
|
3com NBX IP VOIP NetSet Configuration Manager allows remote attackers to cause a denial of service (crash) via a Nessus scan in safeChecks mode.
|
|||||
| CVE-2003-0331 | 1 Ttcms | 1 Ttforum | 2025-04-03 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page.
|
|||||
| CVE-1999-0305 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.
|
|||||
| CVE-2006-0903 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-03 | 4.6 MEDIUM | N/A |
|
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
|
|||||
| CVE-2001-0162 | 1 Microsoft | 1 Windows Embedded Compact | 2025-04-03 | 7.5 HIGH | N/A |
|
WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
|
|||||
| CVE-2006-4063 | 1 Csaba Godor | 1 Sapid Blog Beta 2 | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.
|
|||||
| CVE-1999-0920 | 1 University Of Washington | 2 Imap, Pop2d | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.
|
|||||
| CVE-2006-4380 | 1 Mysql | 1 Mysql | 2025-04-03 | 2.1 LOW | N/A |
|
MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.
|
|||||
| CVE-2005-2277 | 1 Nokia | 1 Affix | 2025-04-03 | 10.0 HIGH | N/A |
|
Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename argument of a PUT command.
|
|||||
| CVE-2005-1025 | 1 Ibm | 1 Iseries As 400 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.
|
|||||
| CVE-2006-1248 | 1 Hp | 1 Hp-ux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
|
|||||
| CVE-2006-3049 | 1 Mole Group Ticket Booking Script | 1 Mole Group Ticket Booking Script | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile parameters to booking2.php.
|
|||||
| CVE-2005-2225 | 1 Microsoft | 1 Msn Messenger Service | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers.
|
|||||
| CVE-2006-4501 | 1 Ztml | 1 Ezportal Ztml Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters.
|
|||||
| CVE-2003-1322 | 1 Atrium Software | 1 Mercur Mailserver | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
|
|||||
| CVE-2001-1561 | 2 Debian, John Bovey | 2 Debian Linux, Xvt | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.
|
|||||
| CVE-2004-2302 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.6 LOW | N/A |
|
Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files.
|
|||||
| CVE-2003-1113 | 1 Iptel | 1 Sip Express Router | 2025-04-03 | 7.5 HIGH | N/A |
|
The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
|
|||||
| CVE-2000-1183 | 1 Nec | 1 Socks 5 | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.
|
|||||
| CVE-2001-0996 | 1 Pop3lite | 1 Pop3lite | 2025-04-03 | 6.4 MEDIUM | N/A |
|
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly.
|
|||||
| CVE-2006-4425 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2005-1295 | 1 Include.cgi | 1 Include.cgi | 2025-04-03 | 7.5 HIGH | N/A |
|
include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
|
|||||
| CVE-1999-0751 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.
|
|||||
| CVE-2006-3768 | 1 Intervations | 1 Filecopa | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow.
|
|||||
| CVE-1999-1026 | 1 Sun | 1 Solaris | 2025-04-03 | 7.2 HIGH | N/A |
|
aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file.
|
|||||
| CVE-2002-0599 | 1 Blahz-dns | 1 Blahz-dns | 2025-04-03 | 10.0 HIGH | N/A |
|
Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen.
|
|||||