Total
29804 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3844 | 1 Phpwordpress | 1 Php News And Article Manager | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action. | |||||
| CVE-2001-0438 | 1 Netopia | 1 Timbuktu Mac | 2025-04-03 | 2.1 LOW | N/A |
| Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu. | |||||
| CVE-2006-2611 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. | |||||
| CVE-1999-1042 | 1 Cisco | 1 Resource Manager | 2025-04-03 | 1.2 LOW | N/A |
| Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings. | |||||
| CVE-2006-4502 | 1 Ztml | 1 Ezportal Ztml Cms | 2025-04-03 | 7.5 HIGH | N/A |
| ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script. | |||||
| CVE-2002-0876 | 1 Evolvable Corporation | 1 Shambala Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Web server for Shambala 4.5 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request. | |||||
| CVE-2005-4591 | 1 Bogofilter | 1 Email Filter | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets. | |||||
| CVE-2005-3956 | 1 Dmanews | 1 Dmanews | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action. | |||||
| CVE-2006-4315 | 1 Ssh | 4 Tectia Client, Tectia Connector, Tectia Manager and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories. | |||||
| CVE-2002-0593 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. | |||||
| CVE-2002-1233 | 1 Apache | 1 Http Server | 2025-04-03 | 2.6 LOW | N/A |
| A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. | |||||
| CVE-2000-0650 | 1 Network Associates | 2 Netshield, Virusscan | 2025-04-03 | 2.1 LOW | N/A |
| The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse. | |||||
| CVE-2002-0449 | 1 Talentsoft | 1 Web\+ Server | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe. | |||||
| CVE-2006-0671 | 1 Sony Ericsson | 4 K600i, T68i, V600i and 1 more | 2025-04-03 | 7.8 HIGH | N/A |
| Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet. | |||||
| CVE-2004-1795 | 1 Info Touch | 1 Surfnet | 2025-04-03 | 2.1 LOW | N/A |
| Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI. | |||||
| CVE-2005-2462 | 1 Kayako | 1 Liveresponse | 2025-04-03 | 2.1 LOW | N/A |
| Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges. | |||||
| CVE-2003-1138 | 1 Redhat | 1 Interchange | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//). | |||||
| CVE-2002-1210 | 1 Qualcomm | 1 Eudora | 2025-04-03 | 5.0 MEDIUM | N/A |
| Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context. | |||||
| CVE-2004-2381 | 1 Jetty | 1 Jetty Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length. | |||||
| CVE-2004-1380 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability." | |||||