Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0977 | 1 Microsoft | 1 File Transfer Manager | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to execute arbitrary code via a long TS value. | |||||
| CVE-2006-2424 | 1 Ezusermanager | 1 Ezusermanager | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php. | |||||
| CVE-1999-0016 | 6 Cisco, Gnu, Hp and 3 more | 8 Ios, Inet, Hp-ux and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Land IP denial of service. | |||||
| CVE-2006-1708 | 1 Clansys | 1 Clansys | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php. | |||||
| CVE-2006-4949 | 1 Drupal | 1 Site Profile Directory Module | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters. | |||||
| CVE-2005-4305 | 1 Edgewall Software | 1 Trac | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page. | |||||
| CVE-2005-1992 | 1 Yukihiro Matsumoto | 1 Ruby | 2025-04-03 | 7.5 HIGH | N/A |
| The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2001-1110 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2025-04-03 | 5.0 MEDIUM | N/A |
| EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection. | |||||
| CVE-2002-1005 | 1 Argosoft | 1 Argosoft Mail Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop. | |||||
| CVE-2004-2034 | 1 Wildtangent | 1 Webdriver | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename. | |||||
| CVE-2004-0291 | 1 Yabb | 1 Yabb | 2025-04-03 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter. | |||||
| CVE-2005-4037 | 1 Web4future | 1 Affiliate Manager Professional | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2005-3464 | 1 Oracle | 1 Peoplesoft Enterprise | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE04. | |||||
| CVE-2006-3549 | 1 Horde | 1 Horde Application Framework | 2025-04-03 | 5.0 MEDIUM | N/A |
| services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server. | |||||
| CVE-2002-2274 | 1 Akfingerd | 1 Akfingerd | 2025-04-03 | 2.1 LOW | N/A |
| akfingerd 0.5 allows local users to read arbitrary files as the akfingerd user (nobody) via a symlink attack on the .plan file. | |||||
| CVE-2000-0469 | 1 Selena Sol | 1 Webbanner | 2025-04-03 | 5.1 MEDIUM | N/A |
| Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2006-1141 | 1 Inter7 | 1 Qmailadmin | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable. | |||||
| CVE-2005-3844 | 1 Phpwordpress | 1 Php News And Article Manager | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action. | |||||
| CVE-2001-0438 | 1 Netopia | 1 Timbuktu Mac | 2025-04-03 | 2.1 LOW | N/A |
| Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu. | |||||
| CVE-2006-2611 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. | |||||