Total: 29557 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2773 | 1 Hogstorps | 1 Hogstorp Guestbook | 2025-04-03 | 6.4 MEDIUM | N/A |
admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does not verify user credentials, which allows remote attackers to edit arbitrary posts via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2004-1299 | 1 Vilistextum | 1 Vilistextum | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the get_attr function in html.c for vilistextum 2.6.6 allows remote attackers to execute arbitrary code via a crafted web page. | |||||
CVE-2004-2084 | 1 Jshop E-commerce | 2 Jshop Professional, Jshop Server | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter. | |||||
CVE-2002-0583 | 1 Workforceroi | 1 Xpede | 2025-04-03 | 5.0 MEDIUM | N/A |
WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack. | |||||
CVE-2006-4532 | 1 Bernard Pacques | 1 Yet Another Community System Cms | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter. | |||||
CVE-1999-0704 | 3 Bsdi, Freebsd, Redhat | 3 Bsd Os, Freebsd, Linux | 2025-04-03 | 9.3 HIGH | N/A |
Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. | |||||
CVE-2001-0066 | 1 Kevin Lindsay | 1 Secure Locate | 2025-04-03 | 7.2 HIGH | N/A |
Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer. | |||||
CVE-2005-0856 | 1 Coolforum | 1 Coolforum | 2025-04-03 | 7.5 HIGH | N/A |
CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate SQL commands via certain requests to (1) alert.php or (2) viewip.php, possibly due to a SQL injection vulnerability. | |||||
CVE-2005-3253 | 2 Avaya, Proxim | 10 Wireless Ap-3, Wireless Ap-4, Wireless Ap-5 and 7 more | 2025-04-03 | 7.5 HIGH | N/A |
Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication. | |||||
CVE-2006-2099 | 1 Ezb Systems | 1 Ultraiso | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
CVE-2001-1235 | 1 Derek Leung | 1 Pslash | 2025-04-03 | 7.5 HIGH | N/A |
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable. | |||||
CVE-2001-0995 | 1 Phpprojekt | 1 Phpprojekt | 2025-04-03 | 7.5 HIGH | N/A |
PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs. | |||||
CVE-2005-0873 | 1 Oracle | 1 10g Reports Server | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter. | |||||
CVE-2004-0972 | 2 Gentoo, Lvm | 2 Linux, Logical Volume Management Utilities | 2025-04-03 | 2.1 LOW | N/A |
The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | |||||
CVE-2005-1066 | 1 University Of Washington | 1 Pine | 2025-04-03 | 1.2 LOW | N/A |
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2001-0562 | 1 Drummond Miles | 1 A1stats | 2025-04-03 | 7.5 HIGH | N/A |
a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters. | |||||
CVE-2005-4176 | 1 Award | 1 Award Bios Modular | 2025-04-03 | 2.1 LOW | N/A |
AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory. | |||||
CVE-2006-4507 | 1 Sony | 1 Playstation Portable | 2025-04-03 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465. | |||||
CVE-2006-0295 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-03 | 5.1 MEDIUM | N/A |
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. | |||||
CVE-2002-0604 | 1 Snapgear | 1 Snapgear Lite\+ Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP options. |