Total
29798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1214 | 1 Burut | 1 Kreed | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text. | |||||
| CVE-2005-1824 | 1 Gnu | 1 Mailutils | 2025-04-03 | 7.5 HIGH | N/A |
| The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. | |||||
| CVE-2005-1614 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter. | |||||
| CVE-2006-1288 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php. | |||||
| CVE-2004-0607 | 3 Ipsec-tools, Kame, Redhat | 4 Ipsec-tools, Racoon, Enterprise Linux and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication. | |||||
| CVE-2006-3301 | 1 Phpqladmin | 1 Phpqladmin | 2025-04-03 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php. | |||||
| CVE-2006-1854 | 1 Bluepay | 1 Bluepay Manager | 2025-04-03 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that "it does not exist currently in the Bluepay 2.0 product," and older versions might not have been affected either. As of 20060512, CVE has not formally investigated this dispute | |||||
| CVE-2006-4971 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 5.0 MEDIUM | N/A |
| MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message. | |||||
| CVE-2006-3179 | 1 Swsoft | 1 Confixx | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter. | |||||
| CVE-1999-0807 | 1 Netscape | 1 Directory Server | 2025-04-03 | 7.2 HIGH | N/A |
| The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users. | |||||
| CVE-2003-0471 | 1 Alt-n | 1 Webadmin | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument. | |||||
| CVE-2005-2077 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter. | |||||
| CVE-2004-2326 | 1 Ip3 Networks | 3 Ip3 Netaccess, Ip3 Netaccess - Hospitality, Ip3 Netaccess - Wireless Hotspots | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34. | |||||
| CVE-2005-2102 | 1 Rob Flynn | 1 Gaim | 2025-04-03 | 5.0 MEDIUM | N/A |
| The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters. | |||||
| CVE-2002-0482 | 1 Newlog | 1 Netsupport Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. | |||||
| CVE-2002-1031 | 1 Key Focus | 1 Kf Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| KeyFocus (KF) web server 1.0.2 allows remote attackers to list directories and read restricted files via an HTTP request containing a %00 (null) character. | |||||
| CVE-2002-0437 | 1 Stefan Frings | 1 Sms Server Tools | 2025-04-03 | 10.0 HIGH | N/A |
| Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources. | |||||
| CVE-2000-1002 | 1 Stalker | 1 Communigate Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
| POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks. | |||||
| CVE-2002-0397 | 1 Red-m | 1 1050ap Lan Acess Point | 2025-04-03 | 5.0 MEDIUM | N/A |
| Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887. | |||||
| CVE-2000-1112 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 4.6 MEDIUM | N/A |
| Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability. | |||||