Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29520 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-3883 1 Php 1 Php 2025-04-03 5.0 MEDIUM N/A
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
CVE-2006-0134 1 Thewebforum 1 Thewebforum 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter.
CVE-2001-0479 1 Phppgadmin 1 Phppgadmin 2025-04-03 7.5 HIGH N/A
Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
CVE-2003-0028 10 Cray, Freebsd, Gnu and 7 more 13 Unicos, Freebsd, Glibc and 10 more 2025-04-03 7.5 HIGH N/A
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
CVE-1999-0219 1 Cat Soft 1 Serv-u 2025-04-03 7.8 HIGH N/A
Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.
CVE-2006-1784 1 Sphider 1 Sphider 2025-04-03 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter.
CVE-2004-0044 1 Cisco 1 Personal Assistant 2025-04-03 7.5 HIGH N/A
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.
CVE-2006-0077 1 Richard Dawe 1 File Extattr 2025-04-03 2.1 LOW N/A
Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors.
CVE-2005-1364 1 Metalinks 1 Metabid Auctions 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp.
CVE-2002-2180 1 Openbsd 1 Openbsd 2025-04-03 6.8 MEDIUM N/A
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
CVE-2005-2899 1 Cj Design 1 Cj Tag Board 2025-04-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in details.php in CjTagBoard 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date, (2) time, (3) name, (4) ip, (5) agent, or (6) msg parameter.
CVE-2006-4280 1 Mambo 1 Anjel Component 2025-04-03 7.5 HIGH N/A
PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file
CVE-2006-1157 1 Adp 1 Adp Forum 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php.
CVE-2006-1379 1 Trend Micro 1 Pc-cillin 2006 2025-04-03 7.2 HIGH N/A
Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe.
CVE-2004-0190 1 Symantec 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r 2025-04-03 7.5 HIGH N/A
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
CVE-2006-1270 1 Inprotect 1 Inprotect 2025-04-03 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2001-1128 1 Progress 1 Progress 2025-04-03 7.2 HIGH N/A
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.
CVE-2006-0867 1 South River 1 Webdrive 2025-04-03 5.0 MEDIUM N/A
Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field.
CVE-2005-4739 1 Ibm 1 Db2 Universal Database 2025-04-03 6.8 MEDIUM N/A
IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action.
CVE-2001-1287 1 Ipswitch 1 Imail 2025-04-03 7.5 HIGH N/A
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.