Total: 29869 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0614 | 1 Carello | 1 E-commerce | 2025-04-03 | 7.5 HIGH | N/A |
| Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL. | | | | | |
| CVE-2006-2706 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2025-04-03 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause a denial of service via forged "session start" messages that cause AVR to connect to arbitrary hosts. | | | | | |
| CVE-2005-0002 | 1 Gentoo | 1 Poppassd Pam | 2025-04-03 | 10.0 HIGH | N/A |
| poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users. | | | | | |
| CVE-2001-0888 | 3 Atmel, Linksys, Netgear | 3 Firmware, Wap11, Me102 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests. | | | | | |
| CVE-2003-0759 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument. | | | | | |
| CVE-2003-0147 | 3 Openpkg, Openssl, Stunnel | 3 Openpkg, Openssl, Stunnel | 2025-04-03 | 5.0 MEDIUM | N/A |
| OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). | | | | | |
| CVE-2000-1118 | 1 24link | 1 24link | 2025-04-03 | 7.5 HIGH | N/A |
| 24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request. | | | | | |
| CVE-2006-0098 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 4.6 MEDIUM | N/A |
| The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/. | | | | | |
| CVE-2000-0529 | 1 Network Associates | 1 Net Tools Pki Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request. | | | | | |
| CVE-2002-0797 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges. | | | | | |
| CVE-2002-0393 | 1 Red-m | 1 1050ap Lan Acess Point | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long administration password. | | | | | |
| CVE-2005-0550 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
| Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability". | | | | | |
| CVE-2002-0254 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.0 MEDIUM | N/A |
| ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails. | | | | | |
| CVE-2001-0616 | 1 Faust Informatics | 1 Freestyle Chat | 2025-04-03 | 5.0 MEDIUM | N/A |
| Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0). | | | | | |
| CVE-2006-3993 | 1 Tsep | 1 Tsep | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter. | | | | | |
| CVE-2001-0493 | 1 Max Feoktistov | 1 Small Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Small HTTP server 2.03 allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name such as aux. | | | | | |
| CVE-2005-4675 | 1 Complete Php Counter | 1 Complete Php Counter | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter. | | | | | |
| CVE-2004-0707 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL. | | | | | |
| CVE-2000-1210 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp. | | | | | |
| CVE-2006-1336 | 1 Extcalendar | 1 Extcalendar | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 and possibly other versions before 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) year, (2) month, (3) next, and (4) prev parameters. | | | | | |
| CVE-1999-0731 | 1 Caldera | 1 Openlinux | 2025-04-03 | 4.6 MEDIUM | N/A |
| The KDE klock program allows local users to unlock a session using malformed input. | | | | | |
| CVE-2005-4520 | 1 Mantis | 1 Mantis | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE. | | | | | |
| CVE-2006-2582 | 1 Rwiki | 1 Rwiki | 2025-04-03 | 7.5 HIGH | N/A |
| The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors. | | | | | |
| CVE-2004-2000 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php. | | | | | |
| CVE-2006-4498 | 1 Phpalbum.net | 1 Phpalbum | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different vector than CVE-2006-3922. | | | | | |
| CVE-2005-4334 | 1 John Andersson | 1 Zixforum | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp. | | | | | |
| CVE-2002-0968 | 1 Analogx | 1 Simpleserver Www | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name. | | | | | |
| CVE-2000-0826 | 1 Mobius | 1 Documentdirect For The Internet | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long GET request. | | | | | |
| CVE-2001-0058 | 1 Cisco | 2 Broadband Operating System, Cisco 6xx Routers | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allows remote attackers to cause a denial of service via a URL that does not end in a space character. | | | | | |
| CVE-2005-2994 | 1 Ibm | 1 Rational Clearquest | 2025-04-03 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS). | | | | | |
| CVE-2005-4497 | 1 Tangora | 1 Tangora Portal Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter in a search page, as demonstrated using (1) page1631.aspx and (2) page496.aspx. | | | | | |
| CVE-2004-1871 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields. | | | | | |
| CVE-2001-0221 | 1 Freebsd | 1 Ja-xklock | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges. | | | | | |
| CVE-2002-2000 | 1 Compaq | 1 Acms | 2025-04-03 | 2.1 LOW | N/A |
| ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data. | | | | | |
| CVE-2002-0363 | 1 Aladdin Enterprises | 1 Ghostscript | 2025-04-03 | 7.5 HIGH | N/A |
| ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. | | | | | |
| CVE-2006-3218 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | | | | | |
| CVE-1999-1146 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges. | | | | | |
| CVE-2006-2508 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2025-04-03 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php. | | | | | |
| CVE-2003-0773 | 1 Sane | 2 Sane, Sane-backend | 2025-04-03 | 7.5 HIGH | N/A |
| saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf. | | | | | |
| CVE-2004-2008 | 1 Adam Webb | 1 Nukejokes | 2025-04-03 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter. | | | | | |