Total
29809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1153 | 1 Hamcards Postcard Cgi | 1 Hamcards Postcard Cgi | 2025-04-03 | 7.5 HIGH | N/A |
| HAMcards Postcard CGI script 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address. | |||||
| CVE-2002-1615 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 7.2 HIGH | N/A |
| Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to execute arbitrary code via (1) msgchk or (2) .upd..loader. | |||||
| CVE-2002-2134 | 1 Peel | 1 Peel | 2025-04-03 | 5.0 MEDIUM | N/A |
| haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file. | |||||
| CVE-2001-0277 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. | |||||
| CVE-2005-0146 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation. | |||||
| CVE-2006-2928 | 1 Cms-bandits | 1 Cms-bandits | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php. | |||||
| CVE-2003-1268 | 1 Urlogy | 1 A.shop.kart | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters. | |||||
| CVE-2006-4129 | 1 Joomla | 1 Webring Component | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter. | |||||
| CVE-2005-3374 | 1 Frisk Software | 1 F-prot Antivirus | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in F-Prot 3.16c allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2005-0183 | 1 Squirrelmail | 1 Vacation Plugin | 2025-04-03 | 7.2 HIGH | N/A |
| ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument. | |||||
| CVE-2000-1175 | 1 Jan Hubicka | 1 Koules | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument. | |||||
| CVE-2004-1812 | 1 Broadcom | 1 Unicenter Tng | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Agent Common Services (1) cam.exe and (2) awservices.exe in Unicenter TNG 2.4 allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-4577 | 1 Hitachi | 1 Business Logic | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form. | |||||
| CVE-2002-1186 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure." | |||||
| CVE-2002-1601 | 1 Adobe | 1 Photodeluxe | 2025-04-03 | 5.1 MEDIUM | N/A |
| The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail message or a web page. | |||||
| CVE-2006-2955 | 1 Kaphotoservice | 1 Kaphotoservice | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp. | |||||
| CVE-2006-0171 | 1 Orjinweb | 1 Orjinweb E-commerce | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE. | |||||
| CVE-2004-1318 | 1 Namazu | 1 Namazu | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized. | |||||
| CVE-2006-3553 | 1 Planet Concept | 1 Planetnews | 2025-04-03 | 10.0 HIGH | N/A |
| PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php. | |||||
| CVE-2006-1172 | 1 Tdc | 1 Cryptomathic Cenroll Activex Control | 2025-04-03 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control 1.1.0.0 allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signature. | |||||