Total: 29520 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2364 | 1 Phpx | 1 Phpx | 2025-04-03 | 5.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php. | |||||
CVE-2006-3162 | 1 Smartsitecms | 1 Smartsitecms | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
CVE-2003-1001 | 1 Cisco | 9 Catalyst 6500, Catalyst 6500 Ws-svc-nam-1, Catalyst 6500 Ws-svc-nam-2 and 6 more | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication. | |||||
CVE-2000-0220 | 1 Zonelabs | 1 Zonealarm | 2025-04-03 | 5.0 MEDIUM | N/A |
ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event. | |||||
CVE-1999-0906 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable. | |||||
CVE-2000-0912 | 1 Jcs Web Works | 1 Multihtml | 2025-04-03 | 5.0 MEDIUM | N/A |
MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter. | |||||
CVE-2004-2565 | 1 Sambar | 1 Sambar Server | 2025-04-03 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp. | |||||
CVE-2003-0694 | 11 Apple, Compaq, Freebsd and 8 more | 18 Mac Os X, Mac Os X Server, Tru64 and 15 more | 2025-04-03 | 10.0 HIGH | N/A |
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. | |||||
CVE-2005-1943 | 1 Loki | 1 Loki Download Manager Catgory Version | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp. | |||||
CVE-2004-1613 | 3 Mozilla, Redhat, Sgi | 7 Mozilla, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2025-04-03 | 5.0 MEDIUM | N/A |
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme. | |||||
CVE-2005-4455 | 1 Livejournal | 1 Livejournal | 2025-04-03 | 5.0 MEDIUM | N/A |
cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi. | |||||
CVE-2003-1122 | 1 Scriptlogic | 1 Scriptlogic | 2025-04-03 | 2.1 LOW | N/A |
ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code. | |||||
CVE-2005-3105 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections. | |||||
CVE-2006-1093 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. | |||||
CVE-2001-0621 | 1 Cisco | 1 Content Services Switch 11000 | 2025-04-03 | 7.5 HIGH | N/A |
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. | |||||
CVE-1999-1084 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 4.6 MEDIUM | N/A |
The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash. | |||||
CVE-2004-0189 | 1 Squid | 1 Squid | 2025-04-03 | 7.5 HIGH | N/A |
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. | |||||
CVE-2006-3158 | 1 Eduha Meeting | 1 Eduha Meeting | 2025-04-03 | 7.5 HIGH | N/A |
index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action. | |||||
CVE-1999-1000 | 1 Cisco | 1 Cache Engine | 2025-04-03 | 5.0 MEDIUM | N/A |
The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics. | |||||
CVE-2003-0027 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure. |