Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2691 | 1 3com | 3 3c17205-us, 3c17210-us, Superstack 3 Switch | 2025-04-03 | 7.1 HIGH | N/A |
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
| CVE-2001-0482 | 1 Argus Systems | 1 Pitbull Lx | 2025-04-03 | 7.2 HIGH | N/A |
Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl.
| CVE-2006-0182 | 1 Acal | 1 Calendar Project | 2025-04-03 | 7.5 HIGH | N/A |
login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside".
| CVE-2006-4707 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).
| CVE-2005-1583 | 1 1two | 1 1two News | 2025-04-03 | 5.0 MEDIUM | N/A |
1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php.
| CVE-2004-1418 | 1 Wirtualna Polska | 1 Wpkontakt | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error is generated.
| CVE-2002-0771 | 1 Viewcvs | 1 Viewcvs | 2025-04-03 | 6.4 MEDIUM | N/A |
Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.
| CVE-2006-1382 | 1 Jelsoft | 1 Impex | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath parameter.
| CVE-2002-0544 | 1 Aprelium Technologies | 1 Abyss Web Server | 2025-04-03 | 7.2 HIGH | N/A |
Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administrative console password in plaintext in the abyss.conf file, which allows local users with access to the file to gain privileges.
| CVE-2005-4595 | 1 Gentoo | 2 Nview, Xnview | 2025-04-03 | 7.2 HIGH | N/A |
Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory.
| CVE-2001-0099 | 1 Brian Stanback | 1 Bsguest.cgi | 2025-04-03 | 10.0 HIGH | N/A |
bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.
| CVE-2003-0763 | 1 Squished Mosquito | 1 Escapade | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter.
| CVE-2005-2101 | 1 Kde | 1 Kde | 2025-04-03 | 5.0 MEDIUM | N/A |
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.
| CVE-2000-0947 | 1 Gnu | 1 Cfengine | 2025-04-03 | 10.0 HIGH | N/A |
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
| CVE-2004-0708 | 1 Moinmoin | 1 Moinmoin | 2025-04-03 | 7.5 HIGH | N/A |
MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.
| CVE-2006-3289 | 1 Cisco | 1 Wireless Control System | 2025-04-03 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".
| CVE-2002-2175 | 1 Php | 1 Phpsquidpass | 2025-04-03 | 4.0 MEDIUM | N/A |
phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username.
| CVE-2005-1137 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | 5.0 MEDIUM | N/A |
Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message.
| CVE-1999-1162 | 1 Sco | 2 Open Desktop, Unix | 2025-04-03 | 6.4 MEDIUM | N/A |
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.
| CVE-2001-0260 | 1 Lotus | 1 Domino Mail Server | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command.
| CVE-2006-1773 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 6.4 MEDIUM | N/A |
SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php.
| CVE-2005-3763 | 1 Exponent | 1 Exponent | 2025-04-03 | 5.0 MEDIUM | N/A |
Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability.
| CVE-2003-0454 | 1 Joe Rumsey | 1 Xgalaga | 2025-04-03 | 7.2 HIGH | N/A |
Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable.
| CVE-2000-0625 | 1 Netzero | 1 Zeroport | 2025-04-03 | 4.6 MEDIUM | N/A |
NetZero 3.0 and earlier uses weak encryption for storing a user's login information, which allows a local user to decrypt the password.
| CVE-2004-1793 | 1 Yatsoft | 1 Switch Off | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote authenticated users to execute arbitrary code via a long message parameter in a SendMsg action to action.htm.
| CVE-2002-1740 | 1 Alt-n | 2 Mdaemon, Worldclient | 2025-04-03 | 2.1 LOW | N/A |
Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter).
| CVE-2005-0450 | 1 Sami | 1 Sami Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows remote attackers to read arbitrary files via an HTTP request containing (1) .. (dot dot) or (2) "%2e%2e" (encoded dot dot) sequences.
| CVE-2001-1255 | 2 Mysql, Oracle | 2 Winmysqladmin, Mysql | 2025-04-03 | 4.6 MEDIUM | N/A |
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unauthorized access to the MySQL database.
| CVE-2003-0812 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
| CVE-2000-0180 | 1 Generation Terrorists Designs And Concepts | 1 Sojourn | 2025-04-03 | 5.0 MEDIUM | N/A |
Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack.
| CVE-2004-1853 | 1 Atari | 1 Terminator 3 War Of The Machines | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable.
| CVE-2005-3094 | 1 Avi Alkalay | 1 Man Cgi | 2025-04-03 | 7.5 HIGH | N/A |
Avi Alkalay man-cgi script allows remote attackers to execute arbitrary code via shell metacharacters in the topic parameter.
| CVE-2006-2764 | 1 Xander Ladage | 1 Guestbookxl | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an IMG tag in a comment field to (1) guestwrite.php or (2) guestbook.php.
| CVE-2004-1395 | 1 Monolith Productions | 3 Contract Jack, No One Lives Forever 2, Tron | 2025-04-03 | 5.0 MEDIUM | N/A |
The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) No one lives forever 2 1.3 and earlier, (3) Tron 2.0 1.042 and earlier, (4) F.E.A.R. (First Encounter Assault and Recon), and possibly other games, allows remote attackers to cause a denial of service (connection refused) via a UDP packet that causes recvfrom to generate a return code that causes the listening loop to exit, as demonstrated using zero byte packets or packets between 8193 and 12280 bytes, which result in condit ...
| CVE-2006-3853 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-03 | 5.1 MEDIUM | N/A |
Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.
| CVE-2002-0907 | 1 Nullsoft | 1 Shoutcast Server | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".
| CVE-2006-4491 | 1 Cybozu | 5 Collaborex, Cybozu Ag, Cybozu Pocket and 2 more | 2025-04-03 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors.
| CVE-2005-2009 | 1 Ublog | 1 Reload | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp.
| CVE-2006-1451 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.
| CVE-2005-4602 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment.