Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2827 | 1 Qualiteam | 1 X-cart | 2025-04-03 | 6.4 MEDIUM | 9.8 CRITICAL |
SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end d ...
| CVE-2005-2431 | 1 Gforge | 1 Gforge | 2025-04-03 | 5.0 MEDIUM | N/A |
The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb).
| CVE-2005-3923 | 1 Netobjects | 1 Netobjects Fusion | 2025-04-03 | 5.0 MEDIUM | N/A |
NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site.
| CVE-2004-0093 | 1 Xfree86 Project | 1 X11r6 | 2025-04-03 | 7.5 HIGH | N/A |
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
| CVE-1999-1295 | 1 Transarc | 1 Dce Distributed File System | 2025-04-03 | 4.6 MEDIUM | N/A |
Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could allow those users to gain access to resources that are protected by DFS.
| CVE-2005-3134 | 1 Citrix | 1 Metaframe | 2025-04-03 | 7.5 HIGH | N/A |
Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName).
| CVE-2004-1559 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.
| CVE-2005-1684 | 1 Episodex | 1 Episodex Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in default.asp for episodex guestbook allows remote attackers to inject arbitrary web script or HTML via the Name field and other fields.
| CVE-1999-0714 | 1 Digital | 1 Unix | 2025-04-03 | 2.1 LOW | N/A |
Vulnerability in Compaq Tru64 UNIX edauth command.
| CVE-2005-2444 | 1 Cerulean Studios | 1 Trillian Pro | 2025-04-03 | 2.1 LOW | N/A |
Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.
| CVE-2005-4417 | 3 Anycom, Belkin, Widcomm | 3 Blue Usb-130-250 Software, Bluetooth Software, Bluetooth For Windows | 2025-04-03 | 6.4 MEDIUM | N/A |
The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile.
| CVE-2004-0250 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 10.0 HIGH | N/A |
SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php.
| CVE-2005-0155 | 1 Larry Wall | 1 Perl | 2025-04-03 | 4.6 MEDIUM | N/A |
The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
| CVE-2005-3095 | 1 Avi Alkalay | 1 Notify | 2025-04-03 | 7.5 HIGH | N/A |
Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers to execute arbitrary commands via shell metacharacters in the from parameter.
| CVE-2000-0585 | 1 Isc | 1 Dhcp Client | 2025-04-03 | 10.0 HIGH | N/A |
ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.
| CVE-2003-1133 | 1 Ritlabs | 1 The Bat | 2025-04-03 | 2.1 LOW | N/A |
Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.
| CVE-2004-2187 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 5.0 MEDIUM | N/A |
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
| CVE-2005-1572 | 1 Wenig And Spitzer-williams | 1 Showoff Digital Media Software | 2025-04-03 | 5.0 MEDIUM | N/A |
ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083.
| CVE-2003-0398 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2025-04-03 | 7.5 HIGH | N/A |
Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed.
| CVE-2005-4257 | 1 Linksys | 4 Befw11s4, Befw11s4 V3, Befw11s4 V4 and 1 more | 2025-04-03 | 7.8 HIGH | N/A |
Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
| CVE-2006-0879 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
| CVE-2002-1849 | 1 Parachat | 1 Parachat Server | 2025-04-03 | 5.0 MEDIUM | N/A |
ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with invalid users.
| CVE-2000-0410 | 1 Allaire | 1 Coldfusion Server | 2025-04-03 | 5.0 MEDIUM | N/A |
ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.
| CVE-2001-0400 | 1 Matt Tourtillott | 1 Nph-maillist | 2025-04-03 | 7.5 HIGH | N/A |
nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address.
| CVE-2002-0516 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 10.0 HIGH | N/A |
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
| CVE-2001-0659 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet.
| CVE-1999-0211 | 1 Sun | 1 Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.
| CVE-2006-4919 | 1 Siteatschool | 1 Siteatschool | 2025-04-03 | 2.6 LOW | N/A |
Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter.
| CVE-2000-0787 | 1 Xchat | 1 Xchat | 2025-04-03 | 7.5 HIGH | N/A |
IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.
| CVE-2003-0295 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.
| CVE-2002-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.
| CVE-2002-0165 | 1 Logwatch | 1 Logwatch | 2025-04-03 | 7.2 HIGH | N/A |
LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CVE-2002-0162.
| CVE-2002-1731 | 1 Ibm | 1 Os 400 | 2025-04-03 | 2.1 LOW | N/A |
The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.
| CVE-2000-0121 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 3.6 LOW | N/A |
The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.
| CVE-2003-0596 | 1 Fdclone | 1 Fdclone | 2025-04-03 | 3.6 LOW | N/A |
FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time.
| CVE-2000-0012 | 1 Hughes | 1 Msql | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.
| CVE-2005-4576 | 1 Fatwire | 1 Updateengine | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEngine 6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) COUNTRYNAME, (2) EMAIL, and (3) FUELAP_TEMPLATENAME parameters.
| CVE-2005-2645 | 1 Xerox | 7 Document Centre 265, Document Centre 332, Document Centre 340 and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication.
| CVE-2002-0077 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability.
| CVE-1999-1165 | 1 Gnu | 1 Fingerd | 2025-04-03 | 7.2 HIGH | N/A |
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.