Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2690 | 1 Newsphp | 1 Newsphp | 2025-04-03 | 8.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.
|
|||||
| CVE-2005-1963 | 1 Cerberus | 1 Cerberus Helpdesk | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message.
|
|||||
| CVE-2006-4155 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic."
|
|||||
| CVE-2000-1086 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
|
|||||
| CVE-2005-4523 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2000-0299 | 1 Apple | 1 Webobjects | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept.
|
|||||
| CVE-2005-3698 | 1 Php Easy Download | 1 Php Easy Download | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP Easy Download allows remote attackers to bypass authentication via edit.php.
|
|||||
| CVE-2002-0245 | 1 Lotus | 1 Domino | 2025-04-03 | 7.5 HIGH | N/A |
|
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.
|
|||||
| CVE-2002-1247 | 2 Kde, Lisa | 3 Kde, Klisa, Lisa | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.
|
|||||
| CVE-2005-3254 | 1 Nathan Neulinger | 1 Cgiwrap | 2025-04-03 | 10.0 HIGH | N/A |
|
The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems.
|
|||||
| CVE-2006-1582 | 1 Blanknberg | 1 Blanknberg | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to inject arbitrary web script or HTML via the _path parameter. NOTE: this might be resultant from the directory traversal issue.
|
|||||
| CVE-2004-2438 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field.
|
|||||
| CVE-2005-2353 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 2.1 LOW | N/A |
|
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
|
|||||
| CVE-2006-0336 | 1 Kerio | 1 Winroute Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web".
|
|||||
| CVE-2006-4951 | 1 Neosys | 1 Neon Webmail | 2025-04-03 | 7.5 HIGH | N/A |
|
Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename.
|
|||||
| CVE-2001-1459 | 1 Openbsd | 1 Openssh | 2025-04-03 | 7.5 HIGH | N/A |
|
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
|
|||||
| CVE-2006-2812 | 1 Dominios Europa | 1 Picrate | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) name (aka nick), (2) email, and (3) comment boxes; and via the (4) id parameter.
|
|||||
| CVE-2000-0803 | 1 Gnu | 1 Groff | 2025-04-03 | 10.0 HIGH | N/A |
|
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
|
|||||
| CVE-2003-1062 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory.
|
|||||
| CVE-2004-2095 | 1 Niels Provos | 1 Honeyd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Honeyd before 0.8 replies to TCP packets with the SYN and RST flags set, which allows remote attackers to identify IP addresses that are being simulated by Honeyd.
|
|||||
| CVE-1999-1408 | 2 Hp, Ibm | 2 Hp-ux, Aix | 2025-04-03 | 2.1 LOW | N/A |
|
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
|
|||||
| CVE-2006-2747 | 1 Fredi Bach | 1 Phpmydesktop Arcade | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter in a showsubsite todo.
|
|||||
| CVE-2002-1374 | 2 Oracle, Symantec Veritas | 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager | 2025-04-03 | 7.5 HIGH | N/A |
|
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
|
|||||
| CVE-2006-0695 | 1 Ansilove | 1 Ansilove | 2025-04-03 | 7.5 HIGH | N/A |
|
Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory.
|
|||||
| CVE-2006-1432 | 1 Fusionzone | 1 Couponzone | 2025-04-03 | 5.0 MEDIUM | N/A |
|
fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL.
|
|||||
| CVE-2003-0437 | 1 Mnogosearch | 1 Mnogosearch | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter.
|
|||||
| CVE-2006-0410 | 1 John Lim | 1 Adodb | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings.
|
|||||
| CVE-2006-4234 | 1 Dotproject | 1 Dotproject | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.
|
|||||
| CVE-2001-0060 | 1 Stunnel | 1 Stunnel | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username.
|
|||||
| CVE-2005-3187 | 1 Bluecoat | 1 Winproxy | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read.
|
|||||
| CVE-2000-0168 | 1 Microsoft | 3 Windows 95, Windows 98, Windows 98se | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.
|
|||||
| CVE-2004-0420 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 10.0 HIGH | N/A |
|
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
|
|||||
| CVE-2002-1760 | 1 Phprojekt | 1 Phprojekt | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors.
|
|||||
| CVE-2006-0732 | 1 Sap | 1 Business Connector | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker h ...
Show More |
|||||
| CVE-1999-1425 | 1 Sun | 1 Solstice Adminsuite | 2025-04-03 | 6.2 MEDIUM | N/A |
|
Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.
|
|||||
| CVE-2004-1829 | 1 Error Manager | 1 Php-nuke Module | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log.
|
|||||
| CVE-2003-1521 | 1 Sun | 1 Java Plug-in | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
|
|||||
| CVE-2002-1828 | 1 Savant | 1 Savant Webserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Savant Webserver 3.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request with a negative Content-Length value.
|
|||||
| CVE-2003-1323 | 1 Elm Development Group | 1 Elm | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors.
|
|||||
| CVE-2003-0248 | 1 Redhat | 1 Linux | 2025-04-03 | 10.0 HIGH | N/A |
|
The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.
|
|||||