Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0129 | 1 Berlios | 1 Konversation | 2025-04-03 | 7.5 HIGH | N/A |
|
The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected.
|
|||||
| CVE-1999-1235 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.
|
|||||
| CVE-2006-2132 | 1 Duware | 1 Duclassified | 2025-04-03 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2003-0170 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.
|
|||||
| CVE-2002-0486 | 1 Workforceroi | 1 Xpede | 2025-04-03 | 7.2 HIGH | N/A |
|
Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.
|
|||||
| CVE-2005-0367 | 1 Argosoft | 1 Argosoft Mail Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1.8.7.3 allow remote authenticated users to read, delete, or upload arbitrary files via a .. (dot dot) in (1) the filename of an e-mail attachment, (2) the _msgatt.rec file, (3) and the /msg, /delete, /folderadd, and /folderdelete operations for the Folder parameter.
|
|||||
| CVE-2005-3796 | 1 Alstrasoft | 1 Affiliate Network Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability.
|
|||||
| CVE-1999-0637 | 2025-04-03 | N/A | N/A | ||
|
The systat service is running.
|
|||||
| CVE-2004-2317 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.
|
|||||
| CVE-2005-3130 | 1 Lucidcms | 1 Lucidcms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers to execute arbitrary SQL commands via the login field.
|
|||||
| CVE-2004-0528 | 1 Netscape | 1 Navigator | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
|
|||||
| CVE-2005-1585 | 1 Open Solution | 1 Quick.forum | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory.
|
|||||
| CVE-2006-1347 | 1 Greg Neustaetter | 1 Gcards | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2004-0736 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.
|
|||||
| CVE-2004-0715 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
|
|||||
| CVE-2005-4636 | 1 Openoffice | 1 Openoffice | 2025-04-03 | 4.6 MEDIUM | N/A |
|
OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.
|
|||||
| CVE-2006-0116 | 1 Inetstore | 1 Inetstore Online | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter.
|
|||||
| CVE-2006-2499 | 1 Xfairguy | 1 Codeavalanche News | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field.
|
|||||
| CVE-2001-1555 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.
|
|||||
| CVE-2005-1673 | 1 Ubertec | 1 Help Center Live | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid parameter to (6) index.php or (7) view.php.
|
|||||
| CVE-1999-0297 | 5 Bsdi, Freebsd, Netbsd and 2 more | 5 Bsd Os, Freebsd, Netbsd and 2 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.
|
|||||
| CVE-2006-0365 | 1 Xmb Software | 1 Xmb Forum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element.
|
|||||
| CVE-2004-1879 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages.
|
|||||
| CVE-2004-2460 | 1 Gnu | 1 Gnubiff | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list.
|
|||||
| CVE-2005-4362 | 1 Komodo | 1 Komodo Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2001-0691 | 1 University Of Washington | 1 Imapd | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
|
|||||
| CVE-2004-2291 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.
|
|||||
| CVE-2000-0110 | 1 Baron Consulting Group | 1 Websitetool | 2025-04-03 | 7.5 HIGH | N/A |
|
The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
|
|||||
| CVE-2006-3999 | 1 Iss | 1 Blackice Pc Protection | 2025-04-03 | 4.6 MEDIUM | N/A |
|
ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions.
|
|||||
| CVE-2006-4507 | 1 Sony | 1 Playstation Portable | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465.
|
|||||
| CVE-2005-3652 | 1 Citrix | 1 Ica Program Neighborhood Client | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response.
|
|||||
| CVE-2005-3389 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.
|
|||||
| CVE-2005-2255 | 1 Gianluca Baldo | 1 Phpauction | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.
|
|||||
| CVE-2002-1088 | 1 Novell | 1 Groupwise | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.
|
|||||
| CVE-2001-0491 | 1 Team Johnlong | 1 Raidenftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST.
|
|||||
| CVE-2004-0924 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.
|
|||||
| CVE-2002-1830 | 1 Openbb | 1 Openbb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to bypass authentication and access modifier options via a direct request to moderator.php with the action and ismod parameters.
|
|||||
| CVE-2000-0549 | 2 Cygnus, Mit | 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.
|
|||||
| CVE-2004-0451 | 2 Debian, Sup | 2 Debian Linux, Sup | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.
|
|||||
| CVE-2006-1761 | 1 Blursoft | 1 Blur6ex | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS and has been assigned a separate name.
|
|||||