Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2519 | 1 Phpwcms | 1 Phpwcms | 2025-04-03 | 2.6 LOW | N/A |
| Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition. | |||||
| CVE-2002-1340 | 1 Microsoft | 1 Office Web Components | 2025-04-03 | 5.0 MEDIUM | N/A |
| The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception. | |||||
| CVE-1999-0026 | 1 Sgi | 1 Irix | 2025-04-03 | 4.6 MEDIUM | N/A |
| root privileges via buffer overflow in pset command on SGI IRIX systems. | |||||
| CVE-2003-0599 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. | |||||
| CVE-2006-2304 | 1 Novell | 1 Client | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow. | |||||
| CVE-2006-2538 | 2 Ie Tab, Mozilla | 2 Ie Tab, Firefox | 2025-04-03 | 2.6 LOW | N/A |
| IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability. | |||||
| CVE-2005-0018 | 1 F2c Open Source Project | 1 F2c Translator | 2025-04-03 | 2.1 LOW | N/A |
| The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2001-0731 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string. | |||||
| CVE-2006-1428 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php. | |||||
| CVE-2005-1755 | 1 Php Poll Creator | 1 Php Poll Creator | 2025-04-03 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter. | |||||
| CVE-2002-2017 | 1 Sas | 2 Base, Integration Technologies | 2025-04-03 | 10.0 HIGH | N/A |
| sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd. | |||||
| CVE-2006-4267 | 1 Devellion | 1 Cubecart | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php. | |||||
| CVE-2004-0824 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
| PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files. | |||||
| CVE-2001-0942 | 1 Oracle | 1 Database Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp. | |||||
| CVE-2005-4394 | 1 Formicary Ltd. | 1 Epix | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search query parameters. | |||||
| CVE-2004-0712 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges. | |||||
| CVE-2005-2839 | 1 Maxdev | 1 Md-pro | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php. | |||||
| CVE-2005-0645 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php. | |||||
| CVE-2002-0821 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. | |||||
| CVE-2000-0882 | 1 Intel | 4 Express 510t, Express 520t, Express 550f and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed ICMP packet, which causes the CPU to crash. | |||||