Total
29551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0297 | 1 Allaire | 1 Forums | 2025-04-03 | 6.4 MEDIUM | N/A |
| Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables. | |||||
| CVE-2006-2863 | 1 Cs-cart | 1 Cs-cart | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter. | |||||
| CVE-2002-1576 | 1 Sap | 1 Sap Db | 2025-04-03 | 7.2 HIGH | N/A |
| lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program. | |||||
| CVE-2002-0884 | 2 Caldera, Sun | 3 Openunix, Unixware, Sunos | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error. | |||||
| CVE-2006-1485 | 1 Greymatter | 1 Greymatter | 2025-04-03 | 6.5 MEDIUM | N/A |
| gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-2482 | 1 Metasploit | 1 Metasploit Framework | 2025-04-03 | 5.0 MEDIUM | N/A |
| The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command. | |||||
| CVE-2005-3015 | 1 Ibm | 2 Lotus Domino, Lotus Domino Enterprise Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. | |||||
| CVE-2002-0134 | 1 Avirt | 1 Avirt Gateway Suite | 2025-04-03 | 7.5 HIGH | N/A |
| Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command. | |||||
| CVE-2002-0127 | 1 Netgear | 1 Rp114 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port. | |||||
| CVE-2003-0796 | 1 Sgi | 1 Irix | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 allows remote attackers to mount from unprivileged ports even with the -n option disabled. | |||||
| CVE-2006-1720 | 1 Arabless | 1 Saphplesson | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection. | |||||
| CVE-2006-3036 | 1 Andy Mack | 1 35mmslidegallery | 2025-04-03 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegallery 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) imgdir parameter in (a) index.php, and the (2) w, (3) h, and (4) t parameters in (b) popup.php. | |||||
| CVE-2002-2143 | 1 Mysimplenews | 1 Mysimplenews | 2025-04-03 | 7.5 HIGH | N/A |
| The admin.html file in MySimple News 1.0 stores its administrative password in plaintext, which allows remote attackers to gain unauthorized access to the web server by viewing the source of admin.html. | |||||
| CVE-2006-2944 | 1 Cgi-rescue | 1 Form2mail | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | |||||
| CVE-2005-3219 | 1 Avira | 1 Antivir Personal | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Avira Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2003-0141 | 1 Realnetworks | 3 Realone Enterprise Desktop, Realone Player, Realplayer | 2025-04-03 | 5.1 MEDIUM | N/A |
| The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length. | |||||
| CVE-2005-4287 | 1 Marmaraweb | 1 Marmaraweb E-commerce | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute arbitrary code via the page parameter to index.php. | |||||
| CVE-1999-1548 | 1 Cabletron | 1 Smartswitch Router 8000 Firmware | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 200 ARP requests per second allowing a denial of service attack to succeed with a flood of ARP requests exceeding that limit. | |||||
| CVE-2002-2027 | 1 Doow | 1 Doow | 2025-04-03 | 7.5 HIGH | N/A |
| Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not properly verify user permissions, which allows remote attackers to perform unauthorized activities. | |||||
| CVE-2004-0315 | 1 Avirt | 1 Voice | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long GET request on port 1080. | |||||