Total
29805 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2030 | 1 Alliedtelesyn | 1 At-9724ts | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing. | |||||
| CVE-2000-0746 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. | |||||
| CVE-2006-2104 | 1 Kmail | 1 Kmail | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php. | |||||
| CVE-2006-0426 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges. | |||||
| CVE-2004-0730 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php. | |||||
| CVE-2006-0666 | 1 Ibm | 1 Aix | 2025-04-03 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX. | |||||
| CVE-2005-2386 | 1 Elemental Software | 1 Cartwiz | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1.20 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2005-1285 | 1 Woltlab | 1 Burning Board | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter. | |||||
| CVE-2001-1152 | 1 Baltimore Technologies | 1 Websweeper | 2025-04-03 | 7.5 HIGH | N/A |
| Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters. | |||||
| CVE-2003-0696 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A |
| The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion). | |||||
| CVE-2005-4426 | 1 Yabb | 1 Yabb | 2025-04-03 | 4.0 MEDIUM | N/A |
| Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB. | |||||
| CVE-2006-2173 | 1 Filezilla | 1 Filezilla Server | 2025-04-03 | 6.4 MEDIUM | N/A |
| Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer. | |||||
| CVE-2006-1770 | 1 Azerbaijan Development Group | 1 Azdgvote | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group (AZDG) AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter in (1) vote.php, (2) view.php, (3) admin.php, and (4) admin/index.php. | |||||
| CVE-2005-3798 | 1 Alstrasoft | 1 Template Seller | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field. | |||||
| CVE-2006-2565 | 1 Alstrasoft | 1 Article Manager Pro | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid. | |||||
| CVE-2005-2391 | 1 3com | 1 3crwe454g72 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface. | |||||
| CVE-1999-0315 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in Solaris fdformat command gives root access to local users. | |||||
| CVE-1999-1095 | 2 Redhat, Slackware | 2 Linux, Slackware Linux | 2025-04-03 | 7.2 HIGH | N/A |
| sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort. | |||||
| CVE-2005-0954 | 1 Microsoft | 3 Internet Explorer, Windows Explorer, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
| Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file. | |||||
| CVE-2004-1560 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow. | |||||