Total
29557 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2743 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-03 | 7.5 HIGH | N/A |
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code. | |||||
CVE-2003-0950 | 1 Peoplesoft | 1 Peopletools | 2025-04-03 | 7.5 HIGH | N/A |
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file. | |||||
CVE-2006-1658 | 1 Chucky A. Ivey | 1 N.t. | 2025-04-03 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included by other N.T. scripts. | |||||
CVE-2006-4260 | 1 Jake Olefsky | 1 Fotopholder | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in Fotopholder 1.8 allows remote attackers to read arbitrary directories or files via a .. (dot dot) in the path parameter. | |||||
CVE-2004-2522 | 1 Geeos Team | 1 Gattaca Server 2003 | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server 2003 1.1.10.0 allows remote attackers to inject arbitrary web script or HTML via the (1) template or (2) language parameter. | |||||
CVE-2001-0460 | 1 Baltimore Technologies | 1 Websweeper | 2025-04-03 | 5.0 MEDIUM | N/A |
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header. | |||||
CVE-2004-0339 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter. | |||||
CVE-2004-1505 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-03 | 7.5 HIGH | N/A |
Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show parameter. | |||||
CVE-2004-1847 | 1 Expinion.net | 1 News Manager Lite | 2025-04-03 | 7.5 HIGH | N/A |
News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie. | |||||
CVE-2004-2614 | 1 Xuebrothers | 1 Myweb | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. | |||||
CVE-2006-3843 | 1 Mambo | 1 Mambo Calendar | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | |||||
CVE-2004-1831 | 1 Techland | 1 Chrome | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large length value, which leads to a null dereference or out-of-bounds read. | |||||
CVE-2004-0761 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2025-04-03 | 5.0 MEDIUM | N/A |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted. | |||||
CVE-2004-2324 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx. | |||||
CVE-2005-1846 | 1 Yamt | 1 Yamt | 2025-04-03 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options. | |||||
CVE-2001-1169 | 1 Bell Communications Research | 1 S Key | 2025-04-03 | 7.5 HIGH | N/A |
keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo. | |||||
CVE-2002-2193 | 1 Mojo Mail | 1 Mojo Mail | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 allows remote attackers to inject arbitrary web script via the email parameter. | |||||
CVE-2004-2215 | 1 Marc Lehmann | 1 Rxvt-unicode | 2025-04-03 | 4.6 MEDIUM | N/A |
RXVT-Unicode 3.4 and 3.5 do not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges. | |||||
CVE-2005-3742 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter. | |||||
CVE-2003-0743 | 1 University Of Cambridge | 1 Exim | 2025-04-03 | 7.5 HIGH | N/A |
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer. |