Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2667 | 2 Broadcom, Ca | 24 Advantage Data Transport, Adviseit, Brightstor Portal and 21 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability."
|
|||||
| CVE-2006-2343 | 1 Adventnet | 1 Manageengine Opmanager | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2000-0035 | 1 Great Circle Associates | 1 Majordomo | 2025-04-03 | 4.6 MEDIUM | N/A |
|
resend command in Majordomo allows local users to gain privileges via shell metacharacters.
|
|||||
| CVE-2005-0514 | 1 Verity | 1 Verity Ultraseek | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters.
|
|||||
| CVE-2002-2266 | 1 Netscreen | 1 Screenos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or Netmeeting traffic, allows remote attackers to cause a denial of service (firewall session table consumption) by establishing multiple half-open H.323 sessions, which are not cleaned up on garbage removal and do not time out for 36 hours.
|
|||||
| CVE-2002-1608 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.
|
|||||
| CVE-2001-0062 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
|
procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.
|
|||||
| CVE-2004-2324 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.
|
|||||
| CVE-2002-2106 | 1 Wikkitikkitavi | 1 Wikkitikkitavi | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php.
|
|||||
| CVE-2000-1161 | 1 Adcycle | 1 Adcycle | 2025-04-03 | 7.5 HIGH | N/A |
|
The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.
|
|||||
| CVE-2003-1264 | 2 D-link, Longshine Technologie | 2 Di-614\+, Longshine Wireless Ethernet Access Point | 2025-04-03 | 5.0 MEDIUM | N/A |
|
TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication.
|
|||||
| CVE-2006-1954 | 1 Nfec.de | 1 Rechnungszentrale | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the User field.
|
|||||
| CVE-2005-4751 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors.
|
|||||
| CVE-2006-2358 | 1 Web-labs | 1 Web-labs Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2005-2892 | 1 Pblang | 1 Pblang | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.
|
|||||
| CVE-2005-2330 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.
|
|||||
| CVE-2006-3473 | 1 Drupal | 1 Form Mail Module | 2025-04-03 | 7.5 HIGH | N/A |
|
CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than CVE-2006-1225.
|
|||||
| CVE-2000-0713 | 1 Adobe | 3 Acrobat, Acrobat Business Tools, Acrobat Reader | 2025-04-03 | 7.6 HIGH | N/A |
|
Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fill In products that handle PDF files allows attackers to execute arbitrary commands via a long /Registry or /Ordering specifier.
|
|||||
| CVE-2006-4004 | 1 Vbportal | 1 Vbportal | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
|
|||||
| CVE-2005-0977 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address.
|
|||||
| CVE-2002-1016 | 1 Adobe | 1 Digital Editions | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files.
|
|||||
| CVE-2006-3917 | 1 R. Corson | 1 Php Forge | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in inc/gabarits.php in R. Corson PHP Forge 3 beta 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg_racine parameter.
|
|||||
| CVE-2004-2048 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2025-04-03 | 10.0 HIGH | N/A |
|
radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access.
|
|||||
| CVE-2005-3866 | 1 Wwwsearchsolutions | 1 Searchfeed Search Engine | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search.
|
|||||
| CVE-2006-4454 | 1 Hlstats | 1 Hlstats | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
|||||
| CVE-2001-0808 | 1 Yngve Svendsen | 1 Gnatsweb | 2025-04-03 | 10.0 HIGH | N/A |
|
gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.
|
|||||
| CVE-2001-0520 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2025-04-03 | 7.5 HIGH | N/A |
|
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.
|
|||||
| CVE-2002-0470 | 1 Phpnettoolpack | 1 Phpnettoolpack | 2025-04-03 | 7.2 HIGH | N/A |
|
PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.
|
|||||
| CVE-2001-1058 | 1 Wolfram Research | 1 Mathematica | 2025-04-03 | 7.5 HIGH | N/A |
|
The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license.
|
|||||
| CVE-2006-1924 | 1 Linpha | 1 Linpha | 2025-04-03 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2005-0911 | 1 E-xoops | 1 E-xoops | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in exoops may allow remote attackers to execute arbitrary SQL commands via (1) the viewcat parameter to index.php or (2) the artid parameter in the viewarticle action for index.php.
|
|||||
| CVE-2000-0142 | 1 Netopia | 1 Timbuktu Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417.
|
|||||
| CVE-2006-3414 | 1 Tor | 1 Tor | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.
|
|||||
| CVE-2006-1217 | 1 Dsportal | 1 Dspoll | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php.
|
|||||
| CVE-2005-1203 | 1 Egroupware | 1 Egroupware | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.
|
|||||
| CVE-2005-2817 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
|
|||||
| CVE-2004-2062 | 1 Antiboard | 1 Antiboard | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters.
|
|||||
| CVE-2006-4679 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-03 | 5.0 MEDIUM | N/A |
|
DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".
|
|||||
| CVE-2002-1559 | 1 Research Systems Inc. | 1 Ion Script | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter.
|
|||||
| CVE-2006-3377 | 1 Jmb Software | 1 Autorank | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi.
|
|||||