Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-1416 | 1 Xigla | 1 Absolute Faq Manager .net | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question parameter. |
| CVE-2005-0825 | 1 Lgames | 1 Ltris | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in LTris before 1.0.10 allows local users to execute arbitrary code via a crafted highscores file. |
| CVE-2004-1716 | 1 Powie | 1 Pforum | 2025-04-03 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile. |
| CVE-2005-2379 | 1 Oracle | 1 Reports | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet. |
| CVE-2006-0085 | 1 Nkads | 1 Nkads | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters. |
| CVE-2003-0209 | 2 Smoothwall, Sourcefire | 2 Smoothwall, Snort | 2025-04-03 | 10.0 HIGH | N/A | Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow. |
| CVE-2006-1909 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences. |
| CVE-2005-2971 | 1 Kde | 1 Koffice | 2025-04-03 | 7.5 HIGH | N/A | Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file. |
| CVE-2005-3216 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-03 | 5.1 MEDIUM | N/A | Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. |
| CVE-1999-1527 | 1 Sun | 2 Forte, Netbeans Developer | 2025-04-03 | 7.5 HIGH | N/A | Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3.0 Beta and Forte Community Edition 1.0 Beta does not properly restrict access to IP addresses as specified in its configuration, which allows arbitrary remote attackers to access the server. |
| CVE-2006-2463 | 1 Out Of The Trees Web Design | 1 Selectapix | 2025-04-03 | 5.0 MEDIUM | N/A | view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter. |
| CVE-2000-0948 | 1 Gnome | 1 Gnorpm | 2025-04-03 | 7.2 HIGH | N/A | GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. |
| CVE-2002-0402 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms. |
| CVE-2004-0263 | 2 Apache, Ibm | 2 Http Server, Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. |
| CVE-2004-0563 | 1 Freenet6 | 1 Freenet6 | 2025-04-03 | 2.1 LOW | N/A | The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password. |
| CVE-2003-1172 | 1 Apache | 1 Cocoon | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter. |
| CVE-2000-0878 | 1 Ranson Johnson | 1 Mailto Cgi Script | 2025-04-03 | 7.5 HIGH | N/A | The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field. |
| CVE-2006-1707 | 1 Kansok Communications | 1 Shopweezle | 2025-04-03 | 5.0 MEDIUM | N/A | index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter. |
| CVE-2001-0437 | 1 Dcscripts | 2 Dcforum, Dcforum 2000 | 2025-04-03 | 5.0 MEDIUM | N/A | upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file. |
| CVE-2000-0759 | 1 Apache | 1 Tomcat | 2025-04-03 | 6.4 MEDIUM | N/A | Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path. |
| CVE-2006-3902 | 1 Phpfaber | 1 Topsites | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-1999-1186 | 3 Redhat, Rxvt, Slackware | 3 Linux, Rxvt, Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A | rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter. |
| CVE-2006-4281 | 1 Arthur Konze Webdesign | 1 Akocomment | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| CVE-1999-0554 | | | 2025-04-03 | 10.0 HIGH | N/A | NFS exports system-critical data to the world, e.g. / or a password file. |
| CVE-2002-0185 | 1 Apache | 1 Mod Python | 2025-04-03 | 7.5 HIGH | N/A | mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module. |
| CVE-2001-0776 | 1 Dynfx | 1 Dynfx Mailserver | 2025-04-03 | 5.0 MEDIUM | N/A | Buffer overflow in DynFX MailServer version 2.10 allows remote attackers to conduct a denial of service via a long username to the POP3 service. |
| CVE-2006-1444 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A | CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for assistive devices" is on, allows an application to bypass restrictions for secure event input and read certain events from other applications in the same window session by using Quartz Event Services. |
| CVE-1999-0331 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A | Buffer overflow in Internet Explorer 4.0(1). |
| CVE-1999-0913 | 1 Network Security Wizards | 1 Dragon-fire Ids | 2025-04-03 | 10.0 HIGH | N/A | dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters. |
| CVE-1999-0880 | 2 Bsdi, Caldera | 2 Bsd Os, Openlinux | 2025-04-03 | 5.0 MEDIUM | N/A | Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. |
| CVE-2002-1528 | 1 Mondosoft | 1 Mondosearch | 2025-04-03 | 5.0 MEDIUM | N/A | MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter. |
| CVE-2004-0658 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A | Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2) state_connected, (3) handle_remote_request, or (4) hpsb_make_writebpacket. |
| CVE-2005-1885 | 1 Yapig | 1 Yapig | 2025-04-03 | 5.0 MEDIUM | N/A | view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message. |
| CVE-2006-1270 | 1 Inprotect | 1 Inprotect | 2025-04-03 | 3.5 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| CVE-2005-1856 | 1 Sukria | 1 Backup Manager | 2025-04-03 | 2.1 LOW | N/A | The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack. |
| CVE-2002-0941 | 1 Ncipher | 2 Nforce, Nshield | 2025-04-03 | 4.6 MEDIUM | N/A | The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges. |
| CVE-2006-3077 | 1 Axent | 1 Axentguestbook | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter. |
| CVE-2005-2374 | 1 Belkin | 1 Belkin 54g Wireless Router | 2025-04-03 | 7.5 HIGH | N/A | Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces. |
| CVE-2005-2400 | 1 Phpfinance | 1 Phpfinance | 2025-04-03 | 7.5 HIGH | N/A | The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to bypass the login and gain privileges. |
| CVE-2006-4269 | 2 Joomla, Mambo | 2 X-shop Component, X-shop Component | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package |