Total
29516 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1617 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616. | |||||
| CVE-2006-3860 | 1 Ibm | 1 Informix Dynamic Database Server | 2025-04-03 | 7.5 HIGH | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions. | |||||
| CVE-2000-1019 | 1 Inktomi | 1 Search Software | 2025-04-03 | 5.0 MEDIUM | N/A |
| Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL. | |||||
| CVE-2003-0642 | 1 Watchguard | 1 Serverlock | 2025-04-03 | 2.1 LOW | N/A |
| WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \Device\PhysicalMemory. | |||||
| CVE-2005-2998 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | 7.5 HIGH | N/A |
| PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files. | |||||
| CVE-2006-2159 | 1 Russcom Network | 1 Loginphp | 2025-04-03 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address. | |||||
| CVE-2005-3364 | 1 Platinum | 1 Dboardgear | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php. | |||||
| CVE-1999-0066 | 1 John S. Roberts | 1 Anyform | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| AnyForm CGI remote execution. | |||||
| CVE-2006-2346 | 1 Inter7 | 1 Vpopmail \(vchkpw\) | 2025-04-03 | 7.5 HIGH | N/A |
| vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP. | |||||
| CVE-2006-3883 | 1 Gonafish | 1 Linkscaffe | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksCaffe 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the tablewidth parameter in (a) counter.php; (2) the newdays parameter in (b) links.php; and the (3) tableborder, (4) menucolor, (5) textcolor, and (6) bodycolor parameters in (c) menu.inc.php. | |||||
| CVE-2006-2324 | 1 180solutions | 1 Zango | 2025-04-03 | 10.0 HIGH | N/A |
| 180solutions Zango downloads "required Adware components" without checking integrity or authenticity, which might allow context-dependent attackers to execute arbitrary code by subverting the DNS resolution of static.zangocash.com. | |||||
| CVE-2005-4743 | 1 Nelogic Technologies | 1 Nephp Publisher | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) nnet_catid parameters. | |||||
| CVE-2004-1412 | 1 Kayako | 1 Esupport | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter. | |||||
| CVE-2006-3376 | 1 Wvware | 2 Libwmf, Wv2 | 2025-04-03 | 7.5 HIGH | N/A |
| Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. | |||||
| CVE-2006-4608 | 1 Longino | 1 Jacome Php-revista | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php. | |||||
| CVE-2002-0211 | 1 Tarantella | 1 Tarantella Enterprise | 2025-04-03 | 6.2 MEDIUM | N/A |
| Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed. | |||||
| CVE-2001-0730 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. | |||||
| CVE-2006-4505 | 1 Nx5 | 1 Nx5linx | 2025-04-03 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter. | |||||
| CVE-2005-2067 | 1 Asp-nuke | 1 Asp-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | |||||
| CVE-2000-0533 | 1 Sgi | 1 Workshop Debugger And Performance Tools | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files. | |||||