Total
29520 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-3883 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. | |||||
CVE-2006-0134 | 1 Thewebforum | 1 Thewebforum | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter. | |||||
CVE-2001-0479 | 1 Phppgadmin | 1 Phppgadmin | 2025-04-03 | 7.5 HIGH | N/A |
Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. | |||||
CVE-2003-0028 | 10 Cray, Freebsd, Gnu and 7 more | 13 Unicos, Freebsd, Glibc and 10 more | 2025-04-03 | 7.5 HIGH | N/A |
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | |||||
CVE-1999-0219 | 1 Cat Soft | 1 Serv-u | 2025-04-03 | 7.8 HIGH | N/A |
Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command. | |||||
CVE-2006-1784 | 1 Sphider | 1 Sphider | 2025-04-03 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. | |||||
CVE-2004-0044 | 1 Cisco | 1 Personal Assistant | 2025-04-03 | 7.5 HIGH | N/A |
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username. | |||||
CVE-2006-0077 | 1 Richard Dawe | 1 File Extattr | 2025-04-03 | 2.1 LOW | N/A |
Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors. | |||||
CVE-2005-1364 | 1 Metalinks | 1 Metabid Auctions | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp. | |||||
CVE-2002-2180 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 6.8 MEDIUM | N/A |
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error. | |||||
CVE-2005-2899 | 1 Cj Design | 1 Cj Tag Board | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in details.php in CjTagBoard 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date, (2) time, (3) name, (4) ip, (5) agent, or (6) msg parameter. | |||||
CVE-2006-4280 | 1 Mambo | 1 Anjel Component | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file | |||||
CVE-2006-1157 | 1 Adp | 1 Adp Forum | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php. | |||||
CVE-2006-1379 | 1 Trend Micro | 1 Pc-cillin 2006 | 2025-04-03 | 7.2 HIGH | N/A |
Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe. | |||||
CVE-2004-0190 | 1 Symantec | 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r | 2025-04-03 | 7.5 HIGH | N/A |
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. | |||||
CVE-2006-1270 | 1 Inprotect | 1 Inprotect | 2025-04-03 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2001-1128 | 1 Progress | 1 Progress | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. | |||||
CVE-2006-0867 | 1 South River | 1 Webdrive | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field. | |||||
CVE-2005-4739 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 6.8 MEDIUM | N/A |
IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action. | |||||
CVE-2001-1287 | 1 Ipswitch | 1 Imail | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. |