Total
29798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1618 | 1 Vypress | 1 Tonecast | 2025-04-03 | 5.0 MEDIUM | N/A |
| Vypress Tonecast 1.3 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed mp2 stream. | |||||
| CVE-2005-3386 | 1 Techno Dreams | 1 Web Directory | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | |||||
| CVE-2006-0816 | 1 Orionserver | 1 Orion Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL. | |||||
| CVE-2002-2043 | 1 Cyrus | 1 Sasl | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password. | |||||
| CVE-2006-2508 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2025-04-03 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php. | |||||
| CVE-2003-0056 | 1 Slocate | 1 Slocate | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument. | |||||
| CVE-2005-0292 | 1 Php Gift Registry | 1 Phpgiftreg | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters. | |||||
| CVE-2002-1476 | 1 Netbsd | 1 Netbsd | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh. | |||||
| CVE-2002-1787 | 1 Sgi | 1 Irix | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through 6.5.17 allows local users to execute arbitrary code via unknown attack vectors. | |||||
| CVE-1999-0167 | 1 Sun | 1 Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
| In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. | |||||
| CVE-2003-0848 | 1 Slocate | 1 Slocate | 2025-04-03 | 4.6 MEDIUM | N/A |
| Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used. | |||||
| CVE-2004-1730 | 1 Mantis | 1 Mantis | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php. | |||||
| CVE-2000-0348 | 1 Sco | 1 Unixware | 2025-04-03 | 10.0 HIGH | N/A |
| A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges. | |||||
| CVE-2005-3968 | 1 Phpx | 1 Phpx | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter. | |||||
| CVE-2006-0187 | 1 Microsoft | 1 Visual Studio .net | 2025-04-03 | 5.1 MEDIUM | N/A |
| By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file. | |||||
| CVE-2004-2196 | 1 Zanfi Solutions | 1 Zanfi Cms Lite | 2025-04-03 | 5.0 MEDIUM | N/A |
| Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others. | |||||
| CVE-2004-0066 | 1 Phpgedview | 1 Phpgedview | 2025-04-03 | 5.0 MEDIUM | N/A |
| phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php. | |||||
| CVE-2004-1504 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-03 | 5.0 MEDIUM | N/A |
| The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php. | |||||
| CVE-2006-2577 | 1 Docebo | 1 Docebo | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1914 | 1 Dbbs | 1 Dbbs | 2025-04-03 | 5.0 MEDIUM | N/A |
| DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) _SERVER[] parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue. | |||||