Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29521 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-0202 1 Paypal 1 Php Toolkit 2025-04-03 3.6 LOW N/A
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.
CVE-2006-1140 1 Redblog 1 Redblog 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2002-0504 1 Citrix 1 Nfuse 2025-04-03 7.5 HIGH N/A
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.
CVE-2005-2092 1 Bea 1 Weblogic Server 2025-04-03 4.3 MEDIUM N/A
BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVE-2005-3404 1 Adaptive Technology Resource Centre 1 Atutor 2025-04-03 7.5 HIGH N/A
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
CVE-2005-1742 2 Bea, Oracle 2 Weblogic Server, Weblogic Portal 2025-04-03 5.0 MEDIUM N/A
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
CVE-2004-0303 1 Fools Workshop 1 Owls Workshop 2025-04-03 5.0 MEDIUM N/A
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
CVE-2004-0402 2 Mandrakesoft, Xpcd 2 Mandrake Linux, Xpcd 2025-04-03 4.6 MEDIUM N/A
Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code.
CVE-2001-1263 1 Pragma Systems 1 Interaccess 2025-04-03 5.0 MEDIUM N/A
telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow.
CVE-2005-3721 1 Hitachi 1 Ip5000 Voip Wifi Phone 2025-04-03 5.0 MEDIUM N/A
The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.
CVE-2005-4269 1 Microsoft 3 Ie, Windows 2003 Server, Windows Xp 2025-04-03 7.8 HIGH N/A
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
CVE-2005-1664 1 Microsoft 1 Asp.net 2025-04-03 6.4 MEDIUM N/A
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.
CVE-2005-0620 1 Bfriendly.com 1 Einstein 2025-04-03 2.1 LOW N/A
Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information.
CVE-2004-2127 1 Leif M. Wright 1 Web Blog 2025-04-03 5.0 MEDIUM N/A
Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable.
CVE-1999-0292 1 Microsoft 1 Windows Nt 2025-04-03 5.0 MEDIUM N/A
Denial of service through Winpopup using large user names.
CVE-2004-2631 1 Phpmyadmin 1 Phpmyadmin 2025-04-03 7.5 HIGH N/A
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
CVE-1999-0973 1 Sun 2 Solaris, Sunos 2025-04-03 10.0 HIGH N/A
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
CVE-2000-0892 2 Caldera, U Win 2 Openlinux, U Win 2025-04-03 2.6 LOW N/A
Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.
CVE-1999-0350 1 Rational Software 1 Clearcase 2025-04-03 6.2 MEDIUM N/A
Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.
CVE-2005-4487 1 Ramsite 1 R1 Cms 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter.