Total
29521 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2455 | 1 Sweex | 1 Wireless Broadband Router Accesspoint 802.11g | 2025-04-03 | 7.5 HIGH | N/A |
| Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting the username, password, and other data from the file. | |||||
| CVE-2006-4020 | 1 Php | 1 Php | 2025-04-03 | 4.6 MEDIUM | N/A |
| scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read. | |||||
| CVE-2003-0292 | 1 Inktomi | 1 Inktomi Traffic-server | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS. | |||||
| CVE-2006-0701 | 1 Imagevue | 1 Imagevue | 2025-04-03 | 5.0 MEDIUM | N/A |
| readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters. | |||||
| CVE-2004-1662 | 1 Yabb | 1 Yabb | 2025-04-03 | 5.0 MEDIUM | N/A |
| YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message. | |||||
| CVE-2006-3134 | 1 Gracenote | 1 Cddbcontrol Activex Control | 2025-04-03 | 9.3 HIGH | N/A |
| Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string. | |||||
| CVE-2003-0104 | 1 Peoplesoft | 1 Peopletools | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet. | |||||
| CVE-2004-1798 | 1 Realnetworks | 3 Realone Enterprise Desktop, Realone Player, Realplayer | 2025-04-03 | 5.1 MEDIUM | N/A |
| RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726. | |||||
| CVE-2006-0803 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used. | |||||
| CVE-2005-4170 | 1 Efiction Project | 1 Efiction | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php. | |||||
| CVE-2006-2246 | 1 Uapplication | 1 Ublog | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition allows remote attackers to inject arbitrary web script or HTML via text fields when adding a blog entry. | |||||
| CVE-2002-2091 | 1 Decfingerd | 1 Decfingerd | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request. | |||||
| CVE-2006-3596 | 1 Cisco | 1 Ips Sensor Software | 2025-04-03 | 5.0 MEDIUM | N/A |
| The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet. | |||||
| CVE-2003-0217 | 1 Neoteris | 1 Instant Virtual Extranet | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script. | |||||
| CVE-2002-1853 | 1 Carlos Sanchez Valle | 1 Mynewsgroups | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the subject of a newsgroup post, which is not properly handled by (1) myarticles.php, (2) search.php, (3) stats.php, or (4) standard.lib.php. | |||||
| CVE-2005-2232 | 1 Ibm | 1 Aix | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2002-1754 | 1 Novell | 1 Netware Client | 2025-04-03 | 2.1 LOW | N/A |
| Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname. | |||||
| CVE-2001-1044 | 1 Basilix | 1 Basilix Webmail | 2025-04-03 | 7.5 HIGH | N/A |
| Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file. | |||||
| CVE-2005-3161 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php. | |||||
| CVE-2005-3727 | 1 Revize Cms | 1 Revize Cms | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||