Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2005-2881 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2025-04-03 | 7.5 HIGH | N/A | phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized access via a direct request to the admin directory. |
| CVE-2005-0567 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 7.5 HIGH | N/A | Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code. |
| CVE-2001-1342 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A | Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer. |
| CVE-2005-3629 | 1 Redhat | 1 Enterprise Linux | 2025-04-03 | 7.2 HIGH | N/A | initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors. |
| CVE-2006-4320 | 1 Opensef Project | 1 Opensef | 2025-04-03 | 7.5 HIGH | N/A | PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| CVE-2006-3681 | 1 Awstats | 1 Awstats | 2025-04-03 | 2.6 LOW | N/A | Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945. |
| CVE-2006-0389 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.6 LOW | N/A | Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds. |
| CVE-2002-2003 | 1 Compaq | 1 Tru64 | 2025-04-03 | 5.0 MEDIUM | N/A | ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote attackers to cause the process to core dump via certain network packets generated by nmap. |
| CVE-2005-0747 | 1 Applyyourself | 1 I-class | 2025-04-03 | 5.0 MEDIUM | N/A | ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp. |
| CVE-2002-1625 | 1 Macromedia | 1 Flash Player | 2025-04-03 | 5.0 MEDIUM | N/A | Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed. |
| CVE-2006-0974 | 1 Battleaxe Software | 1 Bttlxeforum | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe bttlxeForum 2.0 allows remote attackers to inject arbitrary web script or HTML via the err_txt parameter. |
| CVE-2005-3251 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 6.4 MEDIUM | N/A | Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter. |
| CVE-2005-2427 | 1 Elemental Software | 1 Cartwiz | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| CVE-2003-0126 | 1 Multitech | 1 Routefinder 550 Vpn | 2025-04-03 | 7.5 HIGH | N/A | The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities. |
| CVE-2005-3973 | 1 Drupal | 1 Drupal | 2025-04-03 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist. |
| CVE-2002-1744 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot). |
| CVE-2005-4167 | 1 Efiction Project | 1 Efiction | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php. |
| CVE-2006-1147 | 1 Cor Entertainment | 1 Alien Arena 2006 | 2025-04-03 | 4.0 MEDIUM | N/A | The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers (possibly authenticated) to cause a denial of service (application crash) via a long skin, weapon, or model name. |
| CVE-2003-0391 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2025-04-03 | 7.5 HIGH | N/A | Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command. |
| CVE-2005-1384 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php. |
| CVE-2005-1719 | 1 Alwil | 1 Avast Antivirus | 2025-04-03 | 7.5 HIGH | N/A | Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT 4.0, does not properly detect certain viruses. |
| CVE-2005-2445 | 1 Early Impact | 1 Product Cart | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows remote attackers to execute arbitrary SQL commands via the idcategory parameter. |
| CVE-2000-0365 | 1 Redhat | 1 Linux | 2025-04-03 | 4.6 MEDIUM | N/A | Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices. |
| CVE-2005-4384 | 1 Citysoft | 1 Community Enterprise | 2025-04-03 | 6.4 MEDIUM | N/A | CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm. |
| CVE-2000-0746 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A | Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. |
| CVE-2000-1110 | 1 Ibm | 1 Net.data | 2025-04-03 | 5.0 MEDIUM | N/A | document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program. |
| CVE-2005-2364 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A | Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference. |
| CVE-2001-0464 | 1 Crosswind | 1 Cyberscheduler | 2025-04-03 | 10.0 HIGH | N/A | Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter. |
| CVE-2006-4009 | 1 Vwar | 1 Virtual War | 2025-04-03 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2006-0669 | 1 Gasoft | 1 Gas Forum Light | 2025-04-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments |
| CVE-2005-4692 | 1 Mroovca | 1 Mroovca Stats | 2025-04-03 | 7.5 HIGH | N/A | Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5b has unknown attack vectors and impact, related to cookies. |
| CVE-2005-1019 | 1 Aeon | 1 Aeon | 2025-04-03 | 7.2 HIGH | N/A | Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable. |
| CVE-2005-3340 | 1 New Breed Software | 1 Tux Paint | 2025-04-03 | 7.2 HIGH | N/A | The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors. |
| CVE-2001-0696 | 1 Netwin | 1 Surgeftp | 2025-04-03 | 5.0 MEDIUM | N/A | NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con. |
| CVE-2006-2749 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2025-04-03 | 6.4 MEDIUM | N/A | SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters. |
| CVE-2006-4778 | 1 Cchost | 1 Cchost | 2025-04-03 | 7.5 HIGH | N/A | SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information. |
| CVE-2002-1139 | 1 Microsoft | 3 Windows 98 Plus Pack, Windows Me, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A | The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression." |
| CVE-2006-0476 | 1 Nullsoft | 1 Winamp | 2025-04-03 | 7.6 HIGH | N/A | Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). |
| CVE-2005-3350 | 1 Libungif | 1 Libungif | 2025-04-03 | 7.5 HIGH | N/A | libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write. |
| CVE-2003-0704 | 1 Kismac | 1 Kismac | 2025-04-03 | 7.2 HIGH | N/A | KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a "similar technique" for (6) viha_prep.sh and (7) viha_unprep.sh. |