Total
29515 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2100 | 1 Geovision | 1 Geohttpserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines). | |||||
| CVE-2006-1972 | 1 Wingnut | 1 Easygallery | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut EasyGallery allows remote attackers to inject arbitrary web script or HTML via the ordner parameter. | |||||
| CVE-2001-1172 | 1 Omnisecure | 1 Httprotect | 2025-04-03 | 4.6 MEDIUM | N/A |
| OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file. | |||||
| CVE-2006-2610 | 1 Spiffyjr | 1 Phpraid | 2025-04-03 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter. | |||||
| CVE-2004-2123 | 1 Nextplace | 1 E-commerce Asp Engine | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E-Commerce ASP Engine allow remote attackers to inject arbitrary web script or HTML via the (1) level parameter of productdetail.asp, (2) searchKey parameter of searchresults.asp, and possibly (3) level parameter of ListCategories.asp. | |||||
| CVE-1999-0856 | 1 Slackware | 1 Slackware Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist. | |||||
| CVE-2002-1100 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface. | |||||
| CVE-2006-4988 | 1 Patrick Michaelis | 1 Wili-cms | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to inject arbitrary web script or HTML via (1) the query string to relocate.php, (2) the globals[pageid] parameter in example-view/inc/print_button.php, and other unspecified vectors. | |||||
| CVE-2005-0602 | 1 Info-zip | 1 Unzip | 2025-04-03 | 6.2 MEDIUM | N/A |
| Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. | |||||
| CVE-2002-0254 | 1 Mirabilis | 1 Icq | 2025-04-03 | 5.0 MEDIUM | N/A |
| ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails. | |||||
| CVE-2001-1336 | 1 Aclogic | 1 Cesarftp | 2025-04-03 | 7.5 HIGH | N/A |
| CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges. | |||||
| CVE-2004-0622 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
| Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory. | |||||
| CVE-2002-1655 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. | |||||
| CVE-2006-3370 | 1 Bb-news | 1 Blueboy | 2025-04-03 | 5.0 MEDIUM | N/A |
| Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-1999-1072 | 1 Excite | 1 Ews | 2025-04-03 | 7.2 HIGH | N/A |
| Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi. | |||||
| CVE-2000-0934 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
| Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. | |||||
| CVE-1999-1162 | 1 Sco | 2 Open Desktop, Unix | 2025-04-03 | 6.4 MEDIUM | N/A |
| Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. | |||||
| CVE-2006-1098 | 1 Digital Builder | 1 Nz Ecommerce | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem | |||||
| CVE-2001-0468 | 1 Ftpfs | 1 Ftpfs | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in FTPFS allows local users to gain root privileges via a long user name. | |||||
| CVE-2004-0157 | 1 Xonix | 1 Xonix | 2025-04-03 | 4.6 MEDIUM | N/A |
| x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program. | |||||