Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29798 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2000-0401 | 1 Pdgsoft | 1 Pdg Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A
Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping cart allow remote attackers to execute arbitrary commands via a long query string.
CVE-2005-2977 | 1 Pam | 1 Pam | 2025-04-03 | 2.1 LOW | N/A
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
CVE-2006-2019 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A
Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
CVE-2000-0186 | 4 Freebsd, Mandrakesoft, Redhat and 1 more | 4 Freebsd, Mandrake Linux, Linux and 1 more | 2025-04-03 | 7.2 HIGH | N/A
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
CVE-2002-2002 | 1 Compaq | 1 Tru64 | 2025-04-03 | 7.5 HIGH | N/A
Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables.
CVE-2003-0059 | 1 Mit | 1 Kerberos 5 | 2025-04-03 | 7.5 HIGH | N/A
Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.
CVE-2006-1149 | 1 Owl | 1 Owl Intranet Engine | 2025-04-03 | 7.5 HIGH | N/A
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
CVE-2005-0284 | 1 Woltlab | 1 Burning Book | 2025-04-03 | 7.5 HIGH | N/A
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter.
CVE-2000-0217 | 2 Openbsd, Ssh | 3 Openssh, Ssh, Ssh2 | 2025-04-03 | 5.1 MEDIUM | N/A
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.
CVE-2003-0394 | 1 Blnews | 1 Blnews | 2025-04-03 | 7.5 HIGH | N/A
objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site.
CVE-2006-4047 | 1 Netious Cms | 1 Netious Cms | 2025-04-03 | 7.5 HIGH | N/A
SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-2384 | 1 Alwil | 1 Avast Antivirus | 2025-04-03 | 5.0 MEDIUM | N/A
Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames.
CVE-2006-4647 | 1 Sponge News | 1 Sponge News | 2025-04-03 | 7.5 HIGH | N/A
PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter.
CVE-2000-0712 | 1 Lids | 1 Lids | 2025-04-03 | 7.2 HIGH | N/A
Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.
CVE-2002-2059 | 1 Intel | 4 D845bg Motherboard, D845hv Motherboard, D845pt Motherboard and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A
BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not properly restrict access to configuration information when BIOS passwords are enabled, which could allow local users to change the default boot device via the F8 key.
CVE-2003-1038 | 1 Sap | 1 Internet Transaction Server | 2025-04-03 | 5.0 MEDIUM | N/A
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.
CVE-2005-3246 | 1 Ethereal Group | 1 Ethereal | 2025-04-03 | 5.0 MEDIUM | N/A
Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, or (3) RTnet dissectors.
CVE-2003-0105 | 1 Port80 Software | 1 Servermask | 2025-04-03 | 5.0 MEDIUM | N/A
ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.
CVE-2006-2584 | 1 Skyebox | 1 Skyebox | 2025-04-03 | 4.3 MEDIUM | N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it was likely prompted by a vague announcement from a researcher who incorrectly referred to the product as "SkyeShoutbox."
CVE-2006-1209 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | 5.0 MEDIUM | N/A
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.