Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-1422 | 1 Jjwwebdesign | 1 Phpbookingcalendar | 2025-04-03 | 5.0 MEDIUM | N/A | SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter. |
| CVE-2006-4907 | 1 Ohio State University | 1 Osu Httpd | 2025-04-03 | 5.0 MEDIUM | N/A | OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message. |
| CVE-2005-4079 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 5.0 MEDIUM | N/A | The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables. |
| CVE-2006-4328 | 1 Cloudnine Interactive | 1 Links Manager | 2025-04-03 | 5.1 MEDIUM | N/A | SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. |
| CVE-2005-3774 | 1 Cisco | 1 Pix | 2025-04-03 | 5.0 MEDIUM | N/A | Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. |
| CVE-2006-2489 | 1 Nagios | 1 Nagios | 2025-04-03 | 7.5 HIGH | N/A | Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. |
| CVE-2001-0535 | 1 Macromedia | 1 Coldfusion Server | 2025-04-03 | 7.5 HIGH | N/A | Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. |
| CVE-2006-0414 | 1 Tor | 1 Tor | 2025-04-03 | 5.0 MEDIUM | N/A | Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server. |
| CVE-2004-2645 | 1 Asn.1 Compiler | 1 Asn.1 Compiler | 2025-04-03 | 10.0 HIGH | N/A | Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures." |
| CVE-2000-0886 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A | IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. |
| CVE-2005-1831 | 1 Todd Miller | 1 Sudo | 2025-04-03 | 7.2 HIGH | 8.4 HIGH | Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty." |
| CVE-2005-1642 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable. |
| CVE-2005-1792 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A | Memory leak in Windows Management Instrumentation (WMI) service allows attackers to cause a denial of service (memory consumption and crash) by creating security contexts more quickly than they can be cleared from the RPC cache. |
| CVE-2005-1107 | 1 Mcafee | 1 Internet Security Suite | 2025-04-03 | 7.2 HIGH | N/A | McAfee Internet Security Suite 2005 uses insecure default ACLs for installed files, which allows local users to gain privileges or disable protection by modifying certain files. |
| CVE-2002-1475 | 1 Hp | 1 Tru64 | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to "take over packets destined for another host" and cause a denial of service. |
| CVE-2006-4210 | 1 Andreas Kansok | 1 Phpay | 2025-04-03 | 2.6 LOW | N/A | nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these details are obtained from third party information. |
| CVE-2005-4053 | 1 Cowiki | 1 Cowiki | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter, as demonstrated using 26.html. |
| CVE-2005-1213 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 7.5 HIGH | N/A | Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field. |
| CVE-2000-0501 | 1 Alt-n | 1 Mdaemon | 2025-04-03 | 2.6 LOW | N/A | Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server. |
| CVE-2005-4584 | 1 Bzflag | 1 Bzflag Server | 2025-04-03 | 5.0 MEDIUM | N/A | BZFlag server 2.0.4 and earlier allows remote attackers to cause a denial of service (application crash) via a callsign that is not followed by a NULL (\0) character. |
| CVE-2001-0839 | 1 Ibill Internet Billing Company | 1 Processing Plus | 2025-04-03 | 7.5 HIGH | N/A | ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing. |
| CVE-2004-0888 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | 10.0 HIGH | N/A | Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. |
| CVE-2004-1847 | 1 Expinion.net | 1 News Manager Lite | 2025-04-03 | 7.5 HIGH | N/A | News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie. |
| CVE-2001-0286 | 1 A1webserver | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in A1 HTTP server 1.0a allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. |
| CVE-2005-3972 | 1 Extreme Corporate | 1 Extreme Search | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| CVE-2002-0664 | 1 Granite Software | 1 Zmerge | 2025-04-03 | 7.5 HIGH | N/A | The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provide arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts. |
| CVE-2006-2813 | 1 Ishopcart | 1 Ishopcart | 2025-04-03 | 7.8 HIGH | N/A | Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a .. (dot dot) in the query string. |
| CVE-2004-0775 | 1 Widcomm | 2 Bluetooth Communication Software, Btstackserver | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in products such as BTStackServer 1.3.2.7 and 1.4.2.10, Windows XP and Windows 98 with MSI Bluetooth Dongles, and HP IPAQ 5450 running WinCE 3.0, allows remote attackers to execute arbitrary code via certain service requests. |
| CVE-2006-4453 | 1 Pmwiki | 1 Pmwiki | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups". |
| CVE-2005-0655 | 1 Arif Supriyanto | 1 Auracms | 2025-04-03 | 5.0 MEDIUM | N/A | auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message. |
| CVE-2006-4290 | 1 Sony | 1 Vaio Media Server | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors. |
| CVE-2006-3399 | 1 Moniwiki | 1 Moniwiki | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject arbitrary JavaScript via the URL, which is reflected back in an error message, a variant of CVE-2004-1632. |
| CVE-2005-1117 | 1 All4www | 1 All4www-homepagecreator | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code. |
| CVE-1999-0815 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A | Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. |
| CVE-2005-2987 | 1 Digital Scribe | 1 Digital Scribe | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2004-0674 | 1 Enterasys | 3 Xsr-1805, Xsr-1850, Xsr-3000 | 2025-04-03 | 5.0 MEDIUM | N/A | Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service (crash) via a packet with the IP record route option set. |
| CVE-2004-0494 | 2 Avaya, Redhat | 4 Cvlan, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-03 | 7.5 HIGH | N/A | Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. |
| CVE-2004-0092 | 1 Apple | 1 Mac Os X | 2025-04-03 | 10.0 HIGH | N/A | Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact. |
| CVE-2005-4374 | 1 Allinta | 1 Allinta | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp. |
| CVE-2006-4487 | 1 Duware | 1 Dupoll | 2025-04-03 | 5.0 MEDIUM | N/A | DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords. |