Total
29798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0947 | 1 Coinsoft Technologies | 1 Phpcoin | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2006-4281 | 1 Arthur Konze Webdesign | 1 Akocomment | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-2524 | 1 Usebb | 1 Usebb | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format. | |||||
| CVE-2003-0864 | 1 Ircnet | 1 Ircnet Ircd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service. | |||||
| CVE-2006-3050 | 1 Six Offene Systeme Gmbh | 1 Sixcms | 2025-04-03 | 2.6 LOW | N/A |
| Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter. | |||||
| CVE-2006-3049 | 1 Mole Group Ticket Booking Script | 1 Mole Group Ticket Booking Script | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile parameters to booking2.php. | |||||
| CVE-2002-0652 | 1 Sgi | 1 Irix | 2025-04-03 | 7.5 HIGH | N/A |
| xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs(). | |||||
| CVE-2005-0987 | 1 Irc Services | 1 Nickserv Listlinks | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 allows remote attackers to obtain the links of a nick. | |||||
| CVE-2006-1432 | 1 Fusionzone | 1 Couponzone | 2025-04-03 | 5.0 MEDIUM | N/A |
| fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL. | |||||
| CVE-2006-1796 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). | |||||
| CVE-2005-1507 | 1 4d | 1 Webstar | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL. | |||||
| CVE-2006-3340 | 1 Pearlinger | 1 Pearl For Mambo | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php. | |||||
| CVE-2001-0687 | 1 Transsoft | 1 Broker Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename). | |||||
| CVE-2004-2008 | 1 Adam Webb | 1 Nukejokes | 2025-04-03 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter. | |||||
| CVE-2004-1705 | 1 Citadel | 1 Ux | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username. | |||||
| CVE-2005-2197 | 1 Id Board | 1 Id Board | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php. | |||||
| CVE-2002-0832 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature. | |||||
| CVE-2005-1951 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php. | |||||
| CVE-2003-1134 | 1 Sun | 1 Java | 2025-04-03 | 2.1 LOW | N/A |
| Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception. | |||||
| CVE-1999-1067 | 1 Sgi | 1 Irix | 2025-04-03 | 5.0 MEDIUM | N/A |
| SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. | |||||