Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0736 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
|
|||||
| CVE-1999-0919 | 1 Motorola | 1 Motorola Cablerouter | 2025-04-03 | 10.0 HIGH | N/A |
|
A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections.
|
|||||
| CVE-2005-1051 | 1 Punbb | 1 Punbb | 2025-04-03 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action.
|
|||||
| CVE-2006-4675 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-03 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.
|
|||||
| CVE-2006-1107 | 1 Nmdeluxe | 1 Nmdeluxe | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter.
|
|||||
| CVE-2003-0404 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.
|
|||||
| CVE-2005-2053 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability.
|
|||||
| CVE-2003-0636 | 1 Novell | 1 Ichain | 2025-04-03 | 7.5 HIGH | N/A |
|
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites.
|
|||||
| CVE-2006-0349 | 1 Epic Designs | 1 Eggblog | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to blog.php.
|
|||||
| CVE-2000-1098 | 1 Sonicwall | 1 Soho Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.
|
|||||
| CVE-1999-1551 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL.
|
|||||
| CVE-2006-2571 | 1 Alkacon | 1 Opencms | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action.
|
|||||
| CVE-2004-2170 | 1 Niti Telecom | 1 Caravan Business Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in sample_showcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter.
|
|||||
| CVE-2006-1745 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | 2.6 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-2574 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.
|
|||||
| CVE-2004-1313 | 1 Webroot Software | 1 My Firewall Plus | 2025-04-03 | 7.2 HIGH | N/A |
|
The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges.
|
|||||
| CVE-2000-0279 | 1 Be | 1 Beos | 2025-04-03 | 5.0 MEDIUM | N/A |
|
BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers.
|
|||||
| CVE-2006-4295 | 1 Panda | 1 Panda Activescan | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
|
|||||
| CVE-2000-1136 | 1 Debian | 1 Elvis Tiny | 2025-04-03 | 4.6 MEDIUM | N/A |
|
elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.
|
|||||
| CVE-2006-4446 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.
|
|||||
| CVE-2006-2333 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php.
|
|||||
| CVE-1999-1352 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
|
mknod in Linux 2.2 follows symbolic links, which could allow local users to overwrite files or gain privileges.
|
|||||
| CVE-1999-0361 | 2025-04-03 | 10.0 HIGH | N/A | ||
|
NetWare version of LaserFiche stores usernames and passwords unencrypted, and allows administrative changes without logging.
|
|||||
| CVE-2005-0150 | 1 Mozilla | 1 Firefox | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.
|
|||||
| CVE-2006-4559 | 1 Bernard Pacques | 1 Yet Another Community System Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3) categories/populate.php, (4) comments/populate.php, (5) files/file.php, (6) sections/section.php, (7) sections/populate.php, (8) tables/populate.php, (9) users/user.php, and (10) users/populate.php. The articles/article.php vector is ...
Show More |
|||||
| CVE-2004-2060 | 1 Xlinesoft | 1 Asprunner | 2025-04-03 | 5.0 MEDIUM | N/A |
|
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
|
|||||
| CVE-2001-1116 | 1 Identix | 1 Biologon | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.
|
|||||
| CVE-2005-2291 | 1 Oracle | 1 Jdeveloper | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.
|
|||||
| CVE-1999-1175 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
|
|||||
| CVE-2005-4574 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the bNewWindow parameter.
|
|||||
| CVE-2004-1937 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked ...
Show More |
|||||
| CVE-1999-0161 | 1 Cisco | 1 Ios | 2025-04-03 | 7.5 HIGH | N/A |
|
In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.
|
|||||
| CVE-2006-0431 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.
|
|||||
| CVE-2002-0112 | 1 Etype | 1 Eserv | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL.
|
|||||
| CVE-2003-0479 | 1 Affordable Web Space Design | 1 Affordable Web Space Design Webbbs | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS allows remote attackers to insert arbitrary web script via the (1) Name, (2) Email, or (3) Message fields.
|
|||||
| CVE-2004-0307 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead.
|
|||||
| CVE-2001-0970 | 1 Tdavid | 1 Td Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script.
|
|||||
| CVE-2006-2007 | 1 Winny | 1 Winny | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port.
|
|||||
| CVE-1999-0128 | 5 Digital, Ibm, Linux and 2 more | 9 Osf 1, Aix, Sng and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
|
|||||
| CVE-2004-0583 | 3 Debian, Usermin, Webmin | 3 Debian Linux, Usermin, Webmin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
|
|||||