Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2577 | 1 Docebo | 1 Docebo | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2005-1855 | 2 Debian, Sukria | 2 Debian Linux, Backup Manager | 2025-04-03 | 2.1 LOW | N/A |
|
Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.
|
|||||
| CVE-2005-2636 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the clientid parameter.
|
|||||
| CVE-2000-0115 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
|
|||||
| CVE-2006-2819 | 1 Barnraiser | 1 Igloo | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Igloo 0.1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c_node[class_path] parameter.
|
|||||
| CVE-2004-2393 | 1 Sun | 1 Jsse | 2025-04-03 | 7.5 HIGH | N/A |
|
Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.
|
|||||
| CVE-2002-0499 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.
|
|||||
| CVE-2006-3406 | 1 Qto | 1 Qtofilemanager | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a .. (dot dot) sequence in the edit parameter.
|
|||||
| CVE-2006-1680 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-03 | 2.6 LOW | N/A |
|
Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php.
|
|||||
| CVE-2005-2787 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | 5.0 MEDIUM | N/A |
|
comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter.
|
|||||
| CVE-2006-2847 | 1 Full Revolution | 1 Aspweblinks | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter.
|
|||||
| CVE-2005-3695 | 1 Litespeed Technologies | 1 Litespeed Web Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
|
|||||
| CVE-2006-0969 | 1 Pixelartkingdom | 1 Top Sites | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in Top sites de PixelArtKingdom allows remote attackers to include and execute arbitrary files via the page parameter.
|
|||||
| CVE-2005-3261 | 1 Versatilebulletinboard | 1 Versatilebulletinboard | 2025-04-03 | 5.0 MEDIUM | N/A |
|
getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the versions of all installed scripts, which allows remote attackers to obtain sensitive information via a direct request.
|
|||||
| CVE-2001-1212 | 1 Aktivate | 1 Aktivate | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.
|
|||||
| CVE-2005-1091 | 1 Maxthon | 1 Maxthon | 2025-04-03 | 7.5 HIGH | N/A |
|
Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page.
|
|||||
| CVE-2001-0806 | 1 Apple | 1 Mac Os X | 2025-04-03 | 3.6 LOW | N/A |
|
Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.
|
|||||
| CVE-2005-0073 | 1 Debian | 1 Sympa | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code.
|
|||||
| CVE-1999-0260 | 1 Renaud Deraison | 1 Jj | 2025-04-03 | 7.5 HIGH | N/A |
|
The jj CGI program allows command execution via shell metacharacters.
|
|||||
| CVE-2005-2517 | 1 Apple | 2 Mac Os X, Safari | 2025-04-03 | 2.6 LOW | N/A |
|
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
|
|||||
| CVE-1999-0497 | | | 2025-04-03 | N/A | N/A |
|
Anonymous FTP is enabled.
|
|||||
| CVE-2005-0255 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
|
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
|
|||||
| CVE-2005-3797 | 1 Alstrasoft | 1 Template Seller | 2025-04-03 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter.
|
|||||
| CVE-2005-2504 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
|
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.
|
|||||
| CVE-2001-1365 | 1 Osi Codes Inc. | 1 Intragnat | 2025-04-03 | 7.5 HIGH | N/A |
|
Vulnerability in IntraGnat before 1.4.
|
|||||
| CVE-2005-2098 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM.
|
|||||
| CVE-2006-1785 | 1 Adobe | 1 Document Server | 2025-04-03 | 2.1 LOW | N/A |
|
Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.
|
|||||
| CVE-2005-3524 | 1 Linux-ftpd-ssl | 1 Linux-ftpd-ssl | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command.
|
|||||
| CVE-2006-3195 | 1 Singapore | 1 Singapore | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the template parameter.
|
|||||
| CVE-2004-0287 | 1 Xlight Ftp Server | 1 Xlight Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service (crash) via a RETR command with a long argument containing a large number of / (slash) characters, possibly triggering a buffer overflow.
|
|||||
| CVE-2005-0053 | 1 Microsoft | 8 Ie, Internet Explorer, Windows 2000 and 5 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
|
|||||
| CVE-2000-1144 | 1 Recourse Technologies | 1 Mantrap | 2025-04-03 | 2.1 LOW | N/A |
|
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.
|
|||||
| CVE-2005-3505 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer.
|
|||||
| CVE-2000-0152 | 1 Novell | 1 Bordermanager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000.
|
|||||
| CVE-2005-3147 | 2 Storebackup, Suse | 2 Storebackup, Suse Linux | 2025-04-03 | 2.1 LOW | N/A |
|
StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.
|
|||||
| CVE-2000-0863 | 1 Listmanager | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges.
|
|||||
| CVE-2004-0792 | 1 Andrew Tridgell | 1 Rsync | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
|
|||||
| CVE-2003-0013 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 7.5 HIGH | N/A |
|
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.
|
|||||
| CVE-2005-1347 | 1 Adobe | 1 Acrobat Reader | 2025-04-03 | 2.6 LOW | N/A |
|
** UNVERIFIABLE ** NOTE: this issue describes a problem that can not be independently verified as of 20050421. Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote attackers to cause a denial of service ("Invalid-ID-Handle-Error" error) and modify memory beginning at a particular address, possibly allowing the execution of arbitrary code, via a crafted PDF file. NOTE: the vendor has stated that the reporter refused to provide sufficient details to confirm the issue. In addition, ...
|
|||||
| CVE-2006-2130 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in include/class_poll.php in Advanced Poll 2.0.4 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
|
|||||