Total: 29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1037 | 1 Sap | 1 Internet Transaction Server | 2025-04-03 | 7.5 HIGH | N/A |
Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."
| CVE-2005-4218 | 1 Phpwebthings | 1 Phpwebthings | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585.
| CVE-2002-0571 | 1 Oracle | 1 Oracle9i | 2025-04-03 | 7.5 HIGH | N/A |
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
| CVE-2006-0658 | 1 Fckeditor | 1 Fckeditor | 2025-04-03 | 5.0 MEDIUM | N/A |
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
| CVE-2006-1705 | 1 Oracle | 2 Oracle10g, Oracle9i | 2025-04-03 | 2.1 LOW | N/A |
Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.
| CVE-2001-1227 | 1 Zope | 1 Zope | 2025-04-03 | 7.5 HIGH | N/A |
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
| CVE-2002-0462 | 1 Big Sam | 1 Big Sam | 2025-04-03 | 6.4 MEDIUM | N/A |
bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled.
| CVE-2006-2015 | 1 Web-provence | 1 Sl Site | 2025-04-03 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other primary vulnerabilities that have separate CVE names.
| CVE-2000-1079 | 1 Microsoft | 4 Windows 2000, Windows 95, Windows 98 and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
| CVE-2005-1167 | 1 Musicmatch | 1 Jukebox | 2025-04-03 | 2.1 LOW | N/A |
Musicmatch 10.00.2047 and earlier store log files in the Program Files directory instead of the user profile, which may allow local users to obtain sensitive information.
| CVE-2003-1054 | 1 Mod Access Referer | 1 Mod Access Referer | 2025-04-03 | 5.0 MEDIUM | N/A |
mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| CVE-1999-1552 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges.
| CVE-2000-0147 | 1 Sco | 1 Openserver | 2025-04-03 | 2.1 LOW | N/A |
snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration.
| CVE-1999-0137 | 1 Fred N. Van Kempen | 1 Dip | 2025-04-03 | 7.2 HIGH | N/A |
The dip program on many Linux systems allows local users to gain root access via a buffer overflow.
| CVE-2006-1128 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
| CVE-2005-2325 | 1 Clever Copy | 1 Clever Copy | 2025-04-03 | 5.0 MEDIUM | N/A |
Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to (1) ticker.php, (2) menu.php, (3) banned.php, (4) endlayout.php, (5) randomhlinesblock.php, (6) showlast.php, (7) showlast5class1.php, (8) showlast5phorum.php, (9) showlast5phorumblock.php, (10) showlastforumbb2.php, or (11) showlastforumbb2block.php.
| CVE-2004-0832 | 1 Squid | 1 Squid | 2025-04-03 | 5.0 MEDIUM | N/A |
The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.
| CVE-2004-2128 | 1 Brs | 1 Webweaver | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll.
| CVE-2004-1008 | 2 Putty, Tortoisecvs | 2 Putty, Tortoisecvs | 2025-04-03 | 10.0 HIGH | N/A |
Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.
| CVE-2006-0360 | 1 Mpm | 1 Hp-180w Voip Wifi Phone | 2025-04-03 | 6.4 MEDIUM | N/A |
MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
| CVE-2002-0887 | 1 Caldera | 1 Openserver | 2025-04-03 | 2.1 LOW | N/A |
scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files.
| CVE-2006-0539 | 1 Thibault Godouet | 1 Fcron | 2025-04-03 | 4.6 MEDIUM | N/A |
The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data."
| CVE-2005-3280 | 1 Paros | 1 Paros | 2025-04-03 | 7.5 HIGH | N/A |
Paros 3.2.5 uses a default password for the "sa" account in the underlying HSQLDB database and does not restrict access to the local machine, which allows remote attackers to gain privileges.
| CVE-2005-0942 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-03 | 5.0 MEDIUM | N/A |
The XP Server process (xp_server) in Sybase Adaptive Server Enterprise (ASE) XP Server 12.x before 12.5.3 ESD#1 allows attackers to cause a denial of service (process crash) via malformed data sent to the XP Server TCP port.
| CVE-1999-1015 | 1 Apple | 1 Appleshare Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attacker to cause a denial of service (crash) via a long HELO command.
| CVE-2005-2156 | 1 Phpnews | 1 Phpnews | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the prevnext parameter.
| CVE-2004-2377 | 1 Alcatel | 2 Omniswitch, Omniswitch 7800 | 2025-04-03 | 5.0 MEDIUM | N/A |
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
| CVE-2000-0914 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.
| CVE-2006-2874 | 1 Osads Alliance Database | 1 Osads Alliance Database | 2025-04-03 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a "Security Leak to lock in HTML-Code," possibly due to a cross-site scripting (XSS) vulnerability involving comments.
| CVE-2006-0234 | 1 Microblog | 1 Microblog | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.
| CVE-2006-0532 | 1 Media2 Cms | 1 Shop | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker Shop allows remote attackers to inject arbitrary web script or HTML via a strSok parameter containing a javascript: URI in an IMG SRC attribute.
| CVE-2004-1700 | 1 Pinnacle Systems | 1 Showcenter | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message.
| CVE-2006-4046 | 1 Open Cubic Player | 1 Open Cubic Player | 2025-04-03 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.
| CVE-2004-1061 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
| CVE-2000-1147 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 4.6 MEDIUM | N/A |
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag.
| CVE-2005-4494 | 1 Spip | 1 Spip | 2025-04-03 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
| CVE-2006-4922 | 1 Siteatschool | 1 Siteatschool | 2025-04-03 | 5.0 MEDIUM | N/A |
Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions.
| CVE-2001-1213 | 1 Datawizard | 1 Ftpxq | 2025-04-03 | 6.4 MEDIUM | N/A |
The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder.
| CVE-2002-0686 | 1 Iplanet | 1 Iplanet Web Server | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter.
| CVE-2004-1814 | 1 Vocaltec | 1 Vgw4 8 Telephony Gateway | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request, as demonstrated using home.asp.