Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0827 | 3 Ciamos, E-xoops, Runcms | 3 Ciamos, E-xoops, Runcms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message.
|
|||||
| CVE-2002-1555 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information.
|
|||||
| CVE-2006-0087 | 1 Lizard Cart | 1 Lizard Cart Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2006-1591 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.
|
|||||
| CVE-2001-1149 | 1 Panda | 1 Panda Antivirus Platinum | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.
|
|||||
| CVE-2004-1775 | 1 Cisco | 2 Catos, Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string.
|
|||||
| CVE-2001-0423 | 1 Sun | 1 Solaris | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093.
|
|||||
| CVE-2006-2246 | 1 Uapplication | 1 Ublog | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition allows remote attackers to inject arbitrary web script or HTML via text fields when adding a blog entry.
|
|||||
| CVE-2006-3167 | 1 Free Realty | 1 Free Realty | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Free Realty before 2.9 allows remote attackers to obtain the full path and other sensitive information via unspecified manipulations that produce an error message.
|
|||||
| CVE-2006-2873 | 1 Enigma Haber | 1 Enigma Haber | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber 4.2 allows remote attackers to inject arbitrary web script or HTML via the il parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2000-0174 | 1 Sun | 1 Staroffice | 2025-04-03 | 5.0 MEDIUM | N/A |
|
StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
|
|||||
| CVE-1999-0576 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
|
A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories.
|
|||||
| CVE-2005-1358 | 1 Text.cgi | 1 Text.cgi | 2025-04-03 | 7.5 HIGH | N/A |
|
text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
|
|||||
| CVE-2001-1248 | 1 Vwebserver | 1 Vwebserver | 2025-04-03 | 5.0 MEDIUM | N/A |
|
vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).
|
|||||
| CVE-2001-1430 | 1 Cayman | 1 3220-h Dsl Router | 2025-04-03 | 7.5 HIGH | N/A |
|
Cayman 3220-H DSL Router 1.0 ship without a password set, which allows remote attackers to gain unauthorized access.
|
|||||
| CVE-2004-2124 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
|
|||||
| CVE-2006-1695 | 1 Fbida | 1 Fbida | 2025-04-03 | 1.2 LOW | N/A |
|
The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].
|
|||||
| CVE-2006-1245 | 1 Microsoft | 1 Ie | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
|
|||||
| CVE-2002-1248 | 1 Northern Solutions | 1 Xeneo Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI.
|
|||||
| CVE-2006-3380 | 1 Freestyle | 1 Freestyle Wiki | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case.
|
|||||
| CVE-1999-0285 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
|
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
|
|||||
| CVE-2006-2999 | 1 Okscripts | 1 Quicklinks | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in search.php in OkScripts QuickLinks 1.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|
|||||
| CVE-1999-0859 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
|
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.
|
|||||
| CVE-2005-2812 | 1 Man2web | 1 Man2web | 2025-04-03 | 7.5 HIGH | N/A |
|
man2web allows remote attackers to execute arbitrary commands via -P arguments.
|
|||||
| CVE-2000-0232 | 1 Microsoft | 3 Terminal Server, Windows 2000, Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
|
Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
|
|||||
| CVE-2005-2238 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A |
|
ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.
|
|||||
| CVE-2004-1574 | 1 Vypress | 1 Vypres Messenger | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote attackers to execute arbitrary code via a message with a long first field.
|
|||||
| CVE-2005-4219 | 1 Innovative Cms | 1 Innovative Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processed before content is returned to the user, so this might not be a vulnerability.
|
|||||
| CVE-2003-1284 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe.
|
|||||
| CVE-2002-2178 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag.
|
|||||
| CVE-2000-1167 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.5 HIGH | N/A |
|
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.
|
|||||
| CVE-2005-0620 | 1 Bfriendly.com | 1 Einstein | 2025-04-03 | 2.1 LOW | N/A |
|
Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information.
|
|||||
| CVE-2006-4208 | 1 Skippy.net | 1 Wp-db Backup Plugin For Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php.
|
|||||
| CVE-2004-1495 | 1 Rarlab | 1 Winrar | 2025-04-03 | 2.6 LOW | N/A |
|
The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive.
|
|||||
| CVE-2006-3418 | 1 Tor | 1 Tor | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.
|
|||||
| CVE-2004-1141 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory.
|
|||||
| CVE-2005-3521 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page.
|
|||||
| CVE-2004-0710 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet.
|
|||||
| CVE-2005-2223 | 1 Mailenable | 2 Mailenable Professional, Mailenable Standard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication.
|
|||||
| CVE-2005-2722 | 1 Foojan | 1 Php Weblog | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which reveal the path in an error message.
|
|||||