Total: 29549 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3549 | 1 Horde | 1 Horde Application Framework | 2025-04-03 | 5.0 MEDIUM | N/A |
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server. | |||||
CVE-2002-2274 | 1 Akfingerd | 1 Akfingerd | 2025-04-03 | 2.1 LOW | N/A |
akfingerd 0.5 allows local users to read arbitrary files as the akfingerd user (nobody) via a symlink attack on the .plan file. | |||||
CVE-2000-0469 | 1 Selena Sol | 1 Webbanner | 2025-04-03 | 5.1 MEDIUM | N/A |
Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-2006-1141 | 1 Inter7 | 1 Qmailadmin | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable. | |||||
CVE-2005-3844 | 1 Phpwordpress | 1 Php News And Article Manager | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action. | |||||
CVE-2001-0438 | 1 Netopia | 1 Timbuktu Mac | 2025-04-03 | 2.1 LOW | N/A |
Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu. | |||||
CVE-2006-2611 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the \| (pipe) character. | |||||
CVE-1999-1042 | 1 Cisco | 1 Resource Manager | 2025-04-03 | 1.2 LOW | N/A |
Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information such as user IDs, passwords and SNMP community strings to local users. | |||||
CVE-2006-4502 | 1 Ztml | 1 Ezportal Ztml Cms | 2025-04-03 | 7.5 HIGH | N/A |
ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script. | |||||
CVE-2002-0876 | 1 Evolvable Corporation | 1 Shambala Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Web server for Shambala 4.5 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request. | |||||
CVE-2005-4591 | 1 Bogofilter | 1 Email Filter | 2025-04-03 | 7.5 HIGH | N/A |
Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets. | |||||
CVE-2005-3956 | 1 Dmanews | 1 Dmanews | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action. | |||||
CVE-2006-4315 | 1 Ssh | 4 Tectia Client, Tectia Connector, Tectia Manager and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories. | |||||
CVE-2002-0593 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. | |||||
CVE-2002-1233 | 1 Apache | 1 Http Server | 2025-04-03 | 2.6 LOW | N/A |
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. | |||||
CVE-2000-0650 | 1 Network Associates | 2 Netshield, Virusscan | 2025-04-03 | 2.1 LOW | N/A |
The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse. | |||||
CVE-2002-0449 | 1 Talentsoft | 1 Web\+ Server | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to the webplus.exe program, which triggers the overflow in webpsvc.exe. | |||||
CVE-2006-0671 | 1 Sony Ericsson | 4 K600i, T68i, V600i and 1 more | 2025-04-03 | 7.8 HIGH | N/A |
Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phones allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet. | |||||
CVE-2004-1795 | 1 Info Touch | 1 Surfnet | 2025-04-03 | 2.1 LOW | N/A |
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI. | |||||
CVE-2005-2462 | 1 Kayako | 1 Liveresponse | 2025-04-03 | 2.1 LOW | N/A |
Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges. |