Total
29516 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0127 | 1 Oliver Debon | 1 Flash | 2025-04-03 | 7.6 HIGH | N/A |
| Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag. | |||||
| CVE-2005-0415 | 1 Ulrik Petersen | 1 Emdros Database Engine | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements. | |||||
| CVE-2005-3298 | 1 Suse | 1 Suse Linux | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2006-2340 | 1 Lethal Penguin | 2 Passmasterflex, Passmasterflexplus | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log. | |||||
| CVE-2005-4164 | 1 Widgetmonkey | 1 Php-addressbook | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-1403 | 1 Just Williams | 1 Amazon Webstore | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie. | |||||
| CVE-2005-0524 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value. | |||||
| CVE-2002-0474 | 1 Zeroforum | 1 Zeroforum | 2025-04-03 | 5.1 MEDIUM | N/A |
| Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag. | |||||
| CVE-2002-0626 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2025-04-03 | 10.0 HIGH | N/A |
| Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities. | |||||
| CVE-2005-1886 | 1 Yapig | 1 Yapig | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment. | |||||
| CVE-2005-0780 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | 5.0 MEDIUM | N/A |
| paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message. | |||||
| CVE-2002-1260 | 1 Microsoft | 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more | 2025-04-03 | 7.5 HIGH | N/A |
| The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet. | |||||
| CVE-2002-1180 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." | |||||
| CVE-2006-2833 | 1 Drupal | 1 Drupal | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. | |||||
| CVE-2001-0764 | 1 Juergen Schoenwaelder | 1 Scotty | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument. | |||||
| CVE-2006-3309 | 1 Internet Scout Project | 1 Scout Portal Toolkit | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||||
| CVE-2006-4423 | 1 Bigace | 1 Bigace | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php. | |||||
| CVE-2003-0984 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
| Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. | |||||
| CVE-2000-0793 | 2 Novell, Symantec | 2 Client, Norton Antivirus | 2025-04-03 | 10.0 HIGH | N/A |
| Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system. | |||||
| CVE-2006-2334 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
| The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software. | |||||