Total: 29557 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2115 | 1 Oracle | 1 Http Server | 2025-04-03 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request. | |||||
CVE-2005-0605 | 8 Altlinux, Lesstif, Mandrakesoft and 5 more | 11 Alt Linux, Lesstif, Mandrake Linux and 8 more | 2025-04-03 | 7.5 HIGH | N/A |
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. | |||||
CVE-2002-0305 | 1 Zero One Tech | 1 P100s | 2025-04-03 | 5.0 MEDIUM | N/A |
Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge. | |||||
CVE-2004-0758 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. | |||||
CVE-2005-4050 | 1 Multi-tech Systems | 1 Multivoip | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with firmware before x.08 allows remote attackers to execute arbitrary code via a long INVITE field in a Session Initiation Protocol (SIP) packet. | |||||
CVE-2006-2813 | 1 Ishopcart | 1 Ishopcart | 2025-04-03 | 7.8 HIGH | N/A |
Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a .. (dot dot) in the query string. | |||||
CVE-2004-0675 | 1 Mcmurtrey Whitaker And Associates | 1 Cart32 | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command. | |||||
CVE-2004-2186 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance. | |||||
CVE-2001-0495 | 1 Datawizard | 1 Webxq | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack. | |||||
CVE-2006-4888 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. | |||||
CVE-2002-0805 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 4.6 MEDIUM | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | |||||
CVE-2004-0633 | 4 Ethereal Group, Gentoo, Mandrakesoft and 1 more | 5 Ethereal, Linux, Mandrake Linux and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow. | |||||
CVE-2005-2441 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php. | |||||
CVE-2004-2454 | 1 Amsn | 1 Amsn | 2025-04-03 | 2.1 LOW | N/A |
aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml. | |||||
CVE-2006-3392 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2025-04-03 | 5.0 MEDIUM | N/A |
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274. | |||||
CVE-2005-0666 | 1 The Pax Team | 1 Pax Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and execute arbitrary code. | |||||
CVE-2006-0920 | 1 Oi | 1 Email Marketing System | 2025-04-03 | 1.7 LOW | N/A |
Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP password in cleartext on a Configuration web page, which allows local users with superadministrator privileges, or attackers who have obtained access to the web page, to view the password. | |||||
CVE-2002-1134 | 1 Hp | 1 Webes Service Tools | 2025-04-03 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 (Service Pack 5) allows local users to read privileged files. | |||||
CVE-2006-0128 | 1 Rockliffe | 1 Mailsite | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors. | |||||
CVE-2003-0977 | 2 Cvs, Slackware | 2 Cvs, Slackware Linux | 2025-04-03 | 7.5 HIGH | N/A |
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests. |