Total
29798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2614 | 1 Crosscom Olicom | 1 Discuz | 2025-04-03 | 7.5 HIGH | N/A |
| Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php. | |||||
| CVE-2006-0610 | 1 2200net | 1 2200net Calendar | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php. | |||||
| CVE-2004-2079 | 1 Red-m | 1 Red-alert | 2025-04-03 | 7.5 HIGH | N/A |
| Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user. | |||||
| CVE-1999-0333 | 1 Hp | 1 Hp-ux | 2025-04-03 | 7.5 HIGH | N/A |
| HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack. | |||||
| CVE-2001-0676 | 1 Ritlabs | 1 The Bat | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment. | |||||
| CVE-2006-0125 | 1 Appserv Open Project | 1 Appserv | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. There is not enough detail from these third party sources to know whether this is directory traversal, remote file include, or another issue. | |||||
| CVE-2006-1795 | 1 Updi Network Enterprise | 1 At1 Event Publisher | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field. | |||||
| CVE-2005-0516 | 1 Twiki | 1 Imagegalleryplugin | 2025-04-03 | 7.5 HIGH | N/A |
| The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails. | |||||
| CVE-2005-2996 | 1 Symantec Veritas | 2 Storage Exec, Storagecentral | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple heap-based and stack-based buffer overflows in certain DCOM server components in VERITAS Storage Exec Storage Exec 5.3 before Hotfix 9 and StorageCentral 5.2 before Hot Fix 2 allow remote attackers to execute arbitrary code via certain ActiveX controls. | |||||
| CVE-2005-1026 | 2 Dlman Pro, Linkz Pro | 2 Dlman Pro, Linkz Pro | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to dlman.php in DLMan Pro or (2) id parameter to links.php in Linkz Pro (aka LinksLinks Pro). | |||||
| CVE-2006-2241 | 1 Ftrainsoft | 1 Fast Click | 2025-04-03 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in show.php in Fast Click SQL Lite 1.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: This is a different vulnerability than CVE-2006-2175. | |||||
| CVE-2006-0616 | 1 Sun | 2 Jdk, Jre | 2025-04-03 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue." | |||||
| CVE-2006-2445 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.0 MEDIUM | N/A |
| Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting. | |||||
| CVE-2000-0583 | 1 Inter7 | 1 Vpopmail Vchkpw | 2025-04-03 | 5.0 MEDIUM | N/A |
| vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives. | |||||
| CVE-2000-0459 | 1 Imp | 1 Imp | 2025-04-03 | 5.0 MEDIUM | N/A |
| IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request. | |||||
| CVE-2001-0902 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters. | |||||
| CVE-2003-1202 | 1 Omail | 1 Omail Webmail | 2025-04-03 | 10.0 HIGH | N/A |
| The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username. | |||||
| CVE-2002-1656 | 1 Xqus | 1 X-news | 2025-04-03 | 7.5 HIGH | N/A |
| X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie. | |||||
| CVE-2005-0804 | 1 Mailenable | 1 Mailenable Standard | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in MailEnable 1.8 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the mailto field. | |||||
| CVE-2005-4072 | 1 Cfmagic | 1 Magic Forum Personal | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, as used in the "Search For:" field. | |||||