Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2049 | 1 Dcscripts | 1 Dcforumlite | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter.
|
|||||
| CVE-2001-0425 | 1 Adcycle | 1 Adcycle | 2025-04-03 | 7.5 HIGH | N/A |
|
AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information.
|
|||||
| CVE-2002-1099 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages.
|
|||||
| CVE-2000-0394 | 1 Axent | 1 Netprowler | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.
|
|||||
| CVE-2006-3428 | 1 Tigertom Scripts | 1 Ttcalc Script | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in (1) loan.php and (2) mortgage.php.
|
|||||
| CVE-2004-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.
|
|||||
| CVE-1999-0006 | 1 Qualcomm | 1 Qpopper | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
|
Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.
|
|||||
| CVE-1999-1409 | 2 Netbsd, Sgi | 2 Netbsd, Irix | 2025-04-03 | 2.1 LOW | N/A |
|
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
|
|||||
| CVE-2000-0902 | 1 Nathan Purciful | 1 Phpphotoalbum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-2006-4620 | 1 Alt-n | 1 Webadmin | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox of another account.
|
|||||
| CVE-2002-2074 | 1 Erwin Lansing | 1 Mailidx | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Mailidx before 20020105 allows remote attackers to execute arbitrary SQL commands via the search web page.
|
|||||
| CVE-1999-1528 | 1 Prosoft Engineering | 1 Netware Client | 2025-04-03 | 4.6 MEDIUM | N/A |
|
ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not automatically log a user out of the NDS tree when the user logs off the system, which allows other users of the same system access to the unprotected NDS session.
|
|||||
| CVE-2005-4797 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.
|
|||||
| CVE-2005-3842 | 1 Pdjkeelan.com | 1 Pdjk-support Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in pdjk-support suite 1.1a and earlier allows remote attackers to execute arbitrary SQL commands via the (1) rowstart, (2) news_id, and (3) faq_id parameters.
|
|||||
| CVE-2006-1586 | 1 Internet Solutions Professionals | 1 Site Man | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan allows remote attackers to execute arbitrary SQL commands via the pass parameter.
|
|||||
| CVE-2005-3107 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state.
|
|||||
| CVE-2006-2709 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate the source address of a message, which allows remote attackers to (1) execute arbitrary code on a client or (2) forge messages to the server.
|
|||||
| CVE-2000-0119 | 2 Mcafee, Symantec | 2 Virusscan, Norton Antivirus | 2025-04-03 | 7.2 HIGH | N/A |
|
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.
|
|||||
| CVE-2001-0910 | 1 Emc | 1 Networker | 2025-04-03 | 7.5 HIGH | N/A |
|
Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.
|
|||||
| CVE-2001-0455 | 1 Cisco | 1 Aironet 340 | 2025-04-03 | 7.5 HIGH | N/A |
|
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.
|
|||||
| CVE-2006-2996 | 1 Lovecompass | 1 Aepartner | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in inc/design.inc.php in LoveCompass aePartner 0.8.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dir[data] parameter.
|
|||||
| CVE-2006-0941 | 1 Cynical Games | 1 Shoutlive | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages.
|
|||||
| CVE-2006-3465 | 1 Libtiff | 1 Libtiff | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.
|
|||||
| CVE-2001-1196 | 1 Webmin | 1 Webmin | 2025-04-03 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
|
|||||
| CVE-2004-0275 | 1 Bosdev | 1 Bosdates | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter.
|
|||||
| CVE-2002-0778 | 1 Cisco | 8 Cache Engine 505, Cache Engine 550, Cache Engine 570 and 5 more | 2025-04-03 | 7.5 HIGH | N/A |
|
The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.
|
|||||
| CVE-2006-0660 | 1 Farsinews | 1 Farsinews | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
|
|||||
| CVE-1999-1208 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.
|
|||||
| CVE-2000-1087 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
|
|||||
| CVE-2002-1327 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."
|
|||||
| CVE-2006-4848 | 1 Hitweb | 1 Hitweb | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php, (3) framepoint.php, (4) genpage.php, (5) lienvalider.php, (6) appreciation.php, (7) partenariat.php, (8) rechercher.php, (9) projet.php, (10) propoexample.php, (11) refererpoint.php, or (12) top50.php. NOTE: this issue has been disputed by a third party researcher, stating that REP_CLASS is initial ...
Show More |
|||||
| CVE-1999-0081 | 1 Washington University | 1 Wu-ftpd | 2025-04-03 | 5.0 MEDIUM | N/A |
|
wu-ftp allows files to be overwritten via the rnfr command.
|
|||||
| CVE-2003-0585 | 1 Brooky | 1 Estore | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters.
|
|||||
| CVE-2006-2549 | 1 Pdf Tools Ag | 1 Pdf Form Filling And Flattening Tool | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in PDF Form Filling and Flattening Tool before 3.1.0.12 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long field names.
|
|||||
| CVE-2001-1242 | 1 Steve Grimm | 1 Un-cgi | 2025-04-03 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
|
|||||
| CVE-2001-0010 | 1 Isc | 1 Bind | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
|
|||||
| CVE-1999-1541 | 1 Cactus Software | 1 Shell-lock | 2025-04-03 | 7.2 HIGH | N/A |
|
shell-lock in Cactus Software Shell Lock allows local users to read or modify decoded shell files before they are executed, via a symlink attack on a temporary file.
|
|||||
| CVE-2006-2866 | 1 Dotclear | 1 Dotclear | 2025-04-03 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.
|
|||||
| CVE-2001-1140 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.
|
|||||
| CVE-2006-3671 | 1 Hyper Estraier | 1 Hyper Estraier | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via unknown vectors.
|
|||||