Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4549 | 1 Oracle | 1 Application Server Discussion Forum Portlet | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating a forum article. |
| CVE-2006-3002 | 1 Easy Ad-manager | 1 Easy Ad-manager | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Manager allows remote attackers to inject arbitrary web script or HTML via the mbid parameter, which is reflected in an error message. NOTE: on 20060829, the vendor notified CVE that this issue has been fixed. |
| CVE-2001-0031 | 1 Broadvision | 1 One-to-one Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist. |
| CVE-2006-0799 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.0 MEDIUM | N/A |
| Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. NOTE: this issue is very similar to CVE-2004-1104, although the manipulations are slightly different. |
| CVE-2005-3447 | 1 Oracle | 2 Application Server, Database Server | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Single Sign-On in Oracle Database Server 10g up to 10.1.0.4.2 and Application Server 9.0.2.3 up to 9.0.4.2 has unknown impact and attack vectors, aka Oracle Vuln# DB33 and AS08. |
| CVE-2005-0421 | 1 Delphiturk | 1 Delphiturk Ftp | 2025-04-03 | 2.1 LOW | N/A |
| DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges. |
| CVE-2006-1711 | 1 Plone | 1 Plone | 2025-04-03 | 5.0 MEDIUM | N/A |
| Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits. |
| CVE-2004-2207 | 1 Ideal Science | 1 Idealbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2003-0588 | 1 Digi-fx | 1 Digi-news | 2025-04-03 | 10.0 HIGH | N/A |
| admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password. |
| CVE-2005-0873 | 1 Oracle | 1 10g Reports Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter. |
| CVE-2005-2989 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter to topic.php, the uid parameter to (2) misc.php or (3) pm.php, or the fid parameter to (3) forums.php or (4) newpost.php. |
| CVE-2006-3760 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2004-2518 | 1 Geeos Team | 1 Gattaca Server 2003 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message. |
| CVE-2005-2193 | 1 Punbb | 1 Punbb | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped. |
| CVE-2004-2135 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. |
| CVE-2002-0309 | 1 Symantec | 1 Enterprise Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
| SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information. |
| CVE-2002-0407 | 1 Lotus | 1 Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
| htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. |
| CVE-2002-0991 | 1 Hp | 1 Cifs-9000 Server | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters. |
| CVE-2000-0489 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2025-04-03 | 2.1 LOW | N/A |
| FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers. |
| CVE-2002-1487 | 1 Cerulean Studios | 1 Trillian | 2025-04-03 | 5.0 MEDIUM | N/A |
| The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367. |
| CVE-2000-0194 | 1 Corel | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
| buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters. |
| CVE-1999-1217 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A |
| The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. |
| CVE-2005-2476 | 1 Naxtor | 1 Shopping Cart | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter. |
| CVE-1999-1124 | 1 Allaire | 1 Coldfusion | 2025-04-03 | 7.5 HIGH | N/A |
| HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host. |
| CVE-2001-1560 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
| Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message. |
| CVE-2004-0647 | 1 Shorewall | 1 Shorewall | 2025-04-03 | 4.6 MEDIUM | N/A |
| shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local users to overwrite arbitrary files via a symlink attack on the chains-$$ temporary file. |
| CVE-2005-0013 | 1 Ncpfs | 1 Ncpfs | 2025-04-03 | 7.2 HIGH | N/A |
| nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges. |
| CVE-1999-0738 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
| CVE-2001-0731 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string. |
| CVE-1999-1014 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument. |
| CVE-2000-0446 | 1 Marty Bochane | 1 Mdbms | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string. |
| CVE-2000-0964 | 1 Siemens | 1 Hinet Lp | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. |
| CVE-2001-1070 | 1 Sage Software | 1 Mas 200 | 2025-04-03 | 2.1 LOW | N/A |
| Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters. |
| CVE-2004-0476 | 1 3com | 1 3cp4144 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port. |
| CVE-2006-0915 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error. |
| CVE-2004-2425 | 1 Axis | 14 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 11 more | 2025-04-03 | 7.5 HIGH | N/A |
| Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi. |
| CVE-1999-0982 | 1 Sun | 2 Solaris, Web-based Enterprise Management | 2025-04-03 | 7.2 HIGH | N/A |
| The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file. |
| CVE-2005-3060 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors. |
| CVE-2005-0191 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | 5.1 MEDIUM | N/A |
| Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag. |
| CVE-2006-4610 | 1 Graphiks | 1 Grapagenda | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter. |