Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1223 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field.
|
|||||
| CVE-2002-1138 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
|
|||||
| CVE-2003-0550 | 1 Redhat | 1 Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.
|
|||||
| CVE-2005-1293 | 1 Storeportal | 1 Storeportal | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter.
|
|||||
| CVE-2005-0217 | 1 Invision Power Services | 1 Invision Community Blog | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter.
|
|||||
| CVE-2003-0524 | 1 Knoppix | 1 Knoppix | 2025-04-03 | 6.2 MEDIUM | N/A |
|
Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary files via a symlink attack on the qt_plugins_3.0rc temporary file in the .qt directory.
|
|||||
| CVE-2004-2660 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.9 MEDIUM | N/A |
|
Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.
|
|||||
| CVE-2006-2098 | 1 Php Thumbnail Autoindex | 1 Php Thumbnail Autoindex | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html.
|
|||||
| CVE-2004-2357 | 1 Proofpoint | 1 Proofpoint Protection Server | 2025-04-03 | 6.4 MEDIUM | N/A |
|
The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.
|
|||||
| CVE-2004-2234 | 1 Moodle | 1 Moodle | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators.
|
|||||
| CVE-2002-0729 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
|
|||||
| CVE-2001-0181 | 1 Caldera | 3 Openlinux Desktop, Openlinux Edesktop, Openlinux Eserver | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands.
|
|||||
| CVE-2005-1360 | 1 Graycms | 1 Graycms | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code.
|
|||||
| CVE-2003-0207 | 1 Gs-common | 1 Gs-common | 2025-04-03 | 2.1 LOW | N/A |
|
ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files.
|
|||||
| CVE-2005-3308 | 1 Zomplog | 1 Zomplog | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter in index.php.
|
|||||
| CVE-2002-1561 | 1 Microsoft | 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
|
|||||
| CVE-2005-4464 | 1 Ingate | 2 Ingate Firewall, Siparator | 2025-04-03 | 7.8 HIGH | N/A |
|
Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote attackers to cause a denial of service (kernel deadlock) by sending a SYN packet for a TCP stream, which requires an RST packet in response.
|
|||||
| CVE-2006-1268 | 1 Funkwerk | 1 X2300 | 2025-04-03 | 7.8 HIGH | N/A |
|
The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
|
|||||
| CVE-2001-1081 | 2 Lucent, Simon Horms | 2 Radius, Radius | 2025-04-03 | 7.5 HIGH | N/A |
|
Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages.
|
|||||
| CVE-2005-4525 | 1 Sygate Technologies | 1 Protection Agent | 2025-04-03 | 4.6 MEDIUM | N/A |
|
SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) and then killing the process, which causes the privileged management GUI to launch.
|
|||||
| CVE-2000-0599 | 1 Imesh.com | 1 Imesh | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port.
|
|||||
| CVE-2005-0110 | 1 Microsoft | 1 Ie | 2025-04-03 | 2.6 LOW | N/A |
|
Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.
|
|||||
| CVE-2002-0064 | 2 Bindview, Funk Software | 2 Netrc, Funk Software Proxy | 2025-04-03 | 7.2 HIGH | N/A |
|
Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system.
|
|||||
| CVE-2005-4816 | 1 Proftpd Project | 1 Proftpd | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
|
|||||
| CVE-2005-4727 | 1 Martin Bauer | 1 Gbook | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header field.
|
|||||
| CVE-2006-3073 | 1 Cisco | 2 Asa 5500, Vpn 3000 Concentrator Series Software | 2025-04-03 | 2.6 LOW | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by t ...
|
|||||
| CVE-2004-0963 | 1 Microsoft | 1 Word | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
|
|||||
| CVE-2003-0783 | 1 Yongguang Zhang | 1 Hztty | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in hztty 2.0 allow local users to gain root privileges.
|
|||||
| CVE-2003-1509 | 1 Realnetworks | 2 Realone Enterprise Desktop, Realone Player | 2025-04-03 | 10.0 HIGH | N/A |
|
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
|
|||||
| CVE-2002-1009 | 1 Summit Computer Networks | 1 Lil Http Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters.
|
|||||
| CVE-2000-0776 | 1 Mediahouse Software | 1 Statistics Server Livestats | 2025-04-03 | 7.5 HIGH | N/A |
|
Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request.
|
|||||
| CVE-2005-1382 | 1 Oracle | 1 Application Server Web Cache | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.
|
|||||
| CVE-2006-1412 | 1 Tft Gallery | 1 Tft Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd.
|
|||||
| CVE-2004-2601 | 1 Ubertec | 1 Help Center Live | 2025-04-03 | 6.4 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php.
|
|||||
| CVE-2004-0543 | 1 Oracle | 2 Applications, E-business Suite | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries.
|
|||||
| CVE-2005-1183 | 1 Mvnforum | 1 Mvnforum | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the Search parameter.
|
|||||
| CVE-1999-0928 | 1 Smartdesk | 1 Websuite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL.
|
|||||
| CVE-2005-1637 | 1 Npds | 1 Npds | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php.
|
|||||
| CVE-2005-0997 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function.
|
|||||
| CVE-2006-2176 | 1 Php Design X | 1 Php Linkliste | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in links.php in PHP Linkliste 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) new_input, (2) new_url, or (3) new_name parameter.
|
|||||