Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0399 | 1 Gnu | 1 Tar | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. | |||||
| CVE-2005-4746 | 1 Freeradius | 1 Freeradius | 2025-04-03 | 7.8 HIGH | N/A |
| Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". | |||||
| CVE-1999-1032 | 1 Digital | 1 Ultrix | 2025-04-03 | 10.0 HIGH | N/A |
| Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges. | |||||
| CVE-2003-0686 | 2 Dave Airlie, Redhat | 2 Pam Smb, Pam Smb | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code. | |||||
| CVE-2006-0366 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a BBCode img tag. | |||||
| CVE-2006-2979 | 1 Viart | 1 Shop | 2025-04-03 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php. | |||||
| CVE-1999-0395 | 1 Backweb Technologies | 1 Backweb Polite Agent Protocol | 2025-04-03 | 5.1 MEDIUM | N/A |
| A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. | |||||
| CVE-2005-1177 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. | |||||
| CVE-2005-1452 | 1 S9y | 1 Serendipity | 2025-04-03 | 10.0 HIGH | N/A |
| Serendipity before 0.8 allows Chief users to "hide plugins installed by other users." | |||||
| CVE-2000-0096 | 1 Qualcomm | 1 Qpopper | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command. | |||||
| CVE-2004-2212 | 1 Alivesites | 1 Alivesites Forum | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forum_id parameter. | |||||
| CVE-1999-1459 | 1 Bmc | 1 Patrol Agent | 2025-04-03 | 7.2 HIGH | N/A |
| BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file. | |||||
| CVE-2006-3307 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php. | |||||
| CVE-2006-3030 | 1 Dwzone | 1 Dwzone Shopping Cart | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping Cart 1.1.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ToCategory and (2) FromCategory parameters to (a) ProductDetailsForm.asp and (3) UserName and (4) Password parameters to (b) LogIn/VerifyUserLog.asp. | |||||
| CVE-2000-1152 | 1 Be | 1 Beos | 2025-04-03 | 5.0 MEDIUM | N/A |
| Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL. | |||||
| CVE-2005-4277 | 1 Toenda Software Development | 1 Toendacms | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2004-0731 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. | |||||
| CVE-2006-4347 | 1 Jiran | 2 Cool Manager, Cool Messenger Office School Server | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL commands via the username field. | |||||
| CVE-2004-2682 | 1 Peersec Networks | 1 Matrixssl | 2025-04-03 | 5.8 MEDIUM | N/A |
| PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147. | |||||
| CVE-2004-2369 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command. | |||||