Total
29801 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0786 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 5.1 MEDIUM | N/A |
| Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs. | |||||
| CVE-2004-1657 | 1 Newtelligence | 1 Dasblog | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers. | |||||
| CVE-2006-4523 | 1 2wire Inc | 2 Homeportal, Officeportal | 2025-04-03 | 5.0 MEDIUM | N/A |
| The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request. | |||||
| CVE-2005-0480 | 1 Trackercam | 1 Trackercam | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file. | |||||
| CVE-2005-3799 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A |
| phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path. | |||||
| CVE-2003-0470 | 1 Symantec | 1 Security Check | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings. | |||||
| CVE-2003-0777 | 1 Sane | 2 Sane, Sane-backend | 2025-04-03 | 5.0 MEDIUM | N/A |
| saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault). | |||||
| CVE-2005-4079 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 5.0 MEDIUM | N/A |
| The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables. | |||||
| CVE-2002-1227 | 1 Pam | 1 Pam | 2025-04-03 | 7.5 HIGH | N/A |
| PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users. | |||||
| CVE-2004-2015 | 1 Webct | 1 Webct | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags. | |||||
| CVE-2005-3633 | 1 Sap | 1 Sap Web Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. | |||||
| CVE-2003-0511 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
| The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL. | |||||
| CVE-2006-1211 | 1 Micromuse | 1 Netcool Neusecure | 2025-04-03 | 7.5 HIGH | N/A |
| IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues. | |||||
| CVE-2005-0326 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 5.0 MEDIUM | N/A |
| pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script. | |||||
| CVE-2002-1391 | 1 Gert Doering | 1 Mgetty | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument. | |||||
| CVE-2005-0288 | 1 Bottomline | 1 Webseries Payment Application | 2025-04-03 | 3.6 LOW | N/A |
| The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords. | |||||
| CVE-2005-1738 | 1 Iron Bars Shell | 1 Iron Bars Shell | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call. | |||||
| CVE-1999-0582 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. | |||||
| CVE-2005-3343 | 1 Tkdiff | 1 Tkdiff | 2025-04-03 | 4.6 MEDIUM | N/A |
| tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2006-2462 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic. | |||||