Total
29521 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1348 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash). | |||||
CVE-2000-0375 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 2.1 LOW | N/A |
The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files. | |||||
CVE-2006-2652 | 1 Wikini | 1 Wikini | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script. | |||||
CVE-2004-2424 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends. | |||||
CVE-2005-3204 | 1 Oracle | 2 Application Server, Oracle9i | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request. | |||||
CVE-2002-1223 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. | |||||
CVE-2004-1383 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php. | |||||
CVE-2005-0087 | 2 Alsa-project, Redhat | 2 Alsa-lib, Enterprise Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library. | |||||
CVE-2006-3565 | 1 Hivemail | 1 Hivemail | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.results.php in HiveMail 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the fields[] parameter. | |||||
CVE-2001-0098 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. | |||||
CVE-2004-1357 | 1 Sun | 1 Solaris | 2025-04-03 | 5.0 MEDIUM | N/A |
The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities. | |||||
CVE-2006-2642 | 1 Php-residence | 1 Php-residence | 2025-04-03 | 4.3 MEDIUM | N/A |
** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE. | |||||
CVE-2006-3349 | 1 Sms Script | 1 Sms Script | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php. | |||||
CVE-2002-2137 | 5 Alloy, D-link, Eusso and 2 more | 5 Gl-2422ap-s, Dwl-900ap\+, Gl2422 Ap and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155. | |||||
CVE-2004-2275 | 1 I-mall Commerce | 1 I-mall.cgi | 2025-04-03 | 10.0 HIGH | N/A |
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter. | |||||
CVE-2002-1889 | 1 Logsurfer | 1 Logsurfer | 2025-04-03 | 5.0 MEDIUM | N/A |
Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry. | |||||
CVE-2006-1607 | 1 Exponent | 1 Exponent Cms | 2025-04-03 | 7.5 HIGH | N/A |
Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows "php injection" via unknown attack vectors. | |||||
CVE-1999-0527 | | | 2025-04-03 | 10.0 HIGH | N/A |
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten. | |||||
CVE-2005-0653 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 4.6 MEDIUM | N/A |
phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. | |||||
CVE-2000-1113 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability. |