Total
29515 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4720 | 1 Mcgallery | 1 Mcgallery Pro | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. | |||||
| CVE-2005-2874 | 1 Easy Software Products | 1 Cups | 2025-04-03 | 5.0 MEDIUM | N/A |
| The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request. | |||||
| CVE-2002-1244 | 1 Pablo Software Solutions | 1 Pablo Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command. | |||||
| CVE-2004-0367 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A |
| Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector. | |||||
| CVE-2001-1510 | 1 Macromedia | 1 Jrun | 2025-04-03 | 5.0 MEDIUM | N/A |
| Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. | |||||
| CVE-1999-1074 | 1 Webmin | 1 Webmin | 2025-04-03 | 7.5 HIGH | N/A |
| Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking. | |||||
| CVE-2005-3632 | 1 Netpbm | 1 Netpbm | 2025-04-03 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file. | |||||
| CVE-2002-2167 | 1 Thorsten Korner | 1 123tkshop | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of an "include" function call. | |||||
| CVE-2004-0248 | 1 Phpx | 1 Phpx | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum. | |||||
| CVE-2005-1935 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue. | |||||
| CVE-2005-3507 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php. | |||||
| CVE-2001-1434 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created. | |||||
| CVE-2002-0667 | 1 Pingtel | 1 Xpressa | 2025-04-03 | 10.0 HIGH | N/A |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone. | |||||
| CVE-2006-0985 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters. | |||||
| CVE-2005-2375 | 1 Codemasters | 1 Toca Race Driver | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a (1) nickname or (2) chat message. | |||||
| CVE-2003-0473 | 1 Sgi | 1 Irix | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes snoop to process packets as the root user, with unknown implications. | |||||
| CVE-2002-0936 | 1 Apache | 1 Tomcat | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | |||||
| CVE-2003-0312 | 1 Snowblind.net | 1 Snowblind Web Server | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. | |||||
| CVE-2006-1605 | 1 Exponent | 1 Exponent Cms | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP." | |||||
| CVE-2006-0681 | 1 Power Daemon | 1 Power Daemon | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable. | |||||