Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4897 | 1 Cmtexts | 1 Cmtexts | 2025-04-03 | 5.0 MEDIUM | N/A |
| CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password. | |||||
| CVE-2003-1521 | 1 Sun | 1 Java Plug-in | 2025-04-03 | 6.4 MEDIUM | N/A |
| Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model. | |||||
| CVE-2004-2188 | 1 Dmxready | 1 Dmxready Site Chassis Manager | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2002-1984 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046". | |||||
| CVE-2000-0162 | 1 Microsoft | 3 Ie, Internet Explorer, Visual Studio | 2025-04-03 | 5.1 MEDIUM | N/A |
| The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. | |||||
| CVE-2005-1776 | 1 Cnedra | 1 Cnedra | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the READ_TCP_STRING function in game_message_functions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers to execute arbitrary code via a long text string. | |||||
| CVE-2005-4189 | 1 Horde | 1 Kronolith H3 | 2025-04-03 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors. | |||||
| CVE-2005-1130 | 1 Desert Dog Software | 1 Pinnacle Cart | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter. | |||||
| CVE-2004-1316 | 1 Mozilla | 1 Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. | |||||
| CVE-2006-1342 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
| net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory. | |||||
| CVE-2001-1363 | 1 Phpwebsite Development Team | 1 Phpwebsite | 2025-04-03 | 10.0 HIGH | N/A |
| Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges. | |||||
| CVE-2001-1474 | 1 Ssh | 1 Ssh | 2025-04-03 | 5.0 MEDIUM | N/A |
| SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache. | |||||
| CVE-2003-0552 | 1 Redhat | 1 Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. | |||||
| CVE-2005-0830 | 1 Xzabite | 1 Dyndnsupdate | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, including the ipcheck function in dyndnsupdate.c, allow remote attackers who spoof a dyndns.org server to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-2221 | 1 Incredible Interactive | 1 Dragonfly Commerce | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dc_Productsview.asp, (5) start, (6) key_mp, (7) searchtype, or (8) psearch parameters to dc_forum_Postslist.asp. NOTE: the vendor has disputed this issue, saying that the error messages arise from invalid category and product numbers. Assuming that this is the case, the issue still satisfies the CVE definition of "exposure. | |||||
| CVE-2006-1063 | 1 Lurker | 1 Lurker | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox". | |||||
| CVE-2002-1965 | 1 Imatix | 1 Xitami | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request. | |||||
| CVE-2006-4360 | 1 Drupal | 1 Drupal E-commerce Module | 2025-04-03 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2004-1227 | 1 Sugarcrm | 1 Sugar Sales | 2025-04-03 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts. | |||||
| CVE-2005-1131 | 1 Symantec Veritas | 1 I3 Focalpoint Server | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact. | |||||