Total
29521 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0202 | 1 Paypal | 1 Php Toolkit | 2025-04-03 | 3.6 LOW | N/A |
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. | |||||
CVE-2006-1140 | 1 Redblog | 1 Redblog | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
CVE-2002-0504 | 1 Citrix | 1 Nfuse | 2025-04-03 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. | |||||
CVE-2005-2092 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.3 MEDIUM | N/A |
BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
CVE-2005-3404 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | 7.5 HIGH | N/A |
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php. | |||||
CVE-2005-1742 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools." | |||||
CVE-2004-0303 | 1 Fools Workshop | 1 Owls Workshop | 2025-04-03 | 5.0 MEDIUM | N/A |
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd. | |||||
CVE-2004-0402 | 2 Mandrakesoft, Xpcd | 2 Mandrake Linux, Xpcd | 2025-04-03 | 4.6 MEDIUM | N/A |
Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code. | |||||
CVE-2001-1263 | 1 Pragma Systems | 1 Interaccess | 2025-04-03 | 5.0 MEDIUM | N/A |
telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow. | |||||
CVE-2005-3721 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2025-04-03 | 5.0 MEDIUM | N/A |
The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration. | |||||
CVE-2005-4269 | 1 Microsoft | 3 Ie, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.8 HIGH | N/A |
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE. | |||||
CVE-2005-1664 | 1 Microsoft | 1 Asp.net | 2025-04-03 | 6.4 MEDIUM | N/A |
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties. | |||||
CVE-2005-0620 | 1 Bfriendly.com | 1 Einstein | 2025-04-03 | 2.1 LOW | N/A |
Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information. | |||||
CVE-2004-2127 | 1 Leif M. Wright | 1 Web Blog | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable. | |||||
CVE-1999-0292 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
Denial of service through Winpopup using large user names. | |||||
CVE-2004-2631 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 7.5 HIGH | N/A |
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. | |||||
CVE-1999-0973 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode. | |||||
CVE-2000-0892 | 2 Caldera, U Win | 2 Openlinux, U Win | 2025-04-03 | 2.6 LOW | N/A |
Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL. | |||||
CVE-1999-0350 | 1 Rational Software | 1 Clearcase | 2025-04-03 | 6.2 MEDIUM | N/A |
Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits. | |||||
CVE-2005-4487 | 1 Ramsite | 1 R1 Cms | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter. |