Total
29515 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0593 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 2.6 LOW | N/A |
| Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site. | |||||
| CVE-2000-0387 | 1 Alexander Siegel | 1 Golddig | 2025-04-03 | 2.1 LOW | N/A |
| The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files. | |||||
| CVE-2006-0853 | 1 Truenorth Software | 1 Ia Emailserver | 2025-04-03 | 6.5 MEDIUM | N/A |
| Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA) eMailserver 5.3.4 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long SEARCH argument. | |||||
| CVE-1999-0823 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument. | |||||
| CVE-2004-1839 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. | |||||
| CVE-2005-2861 | 1 N-stalker | 1 N-stealth | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. | |||||
| CVE-2005-0329 | 1 Zipgenius | 1 Zipgenius | 2025-04-03 | 2.6 LOW | N/A |
| Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences. | |||||
| CVE-2001-0038 | 1 Metaproducts | 1 Offline Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL. | |||||
| CVE-2005-2985 | 1 Aewebworks | 1 Aedating | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter. | |||||
| CVE-1999-0587 | 2025-04-03 | 10.0 HIGH | N/A | ||
| A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data. | |||||
| CVE-2002-1610 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 2.1 LOW | N/A |
| Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service. | |||||
| CVE-2006-2131 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | 5.0 MEDIUM | N/A |
| include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions. | |||||
| CVE-2004-0673 | 1 Simm-comm | 1 Sci Photo Chat | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message. | |||||
| CVE-2002-1602 | 1 Gnu | 1 Screen | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code. | |||||
| CVE-2005-2210 | 1 Tonec Inc. | 1 Internet Download Manager | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2006-2827 | 1 Qualiteam | 1 X-cart | 2025-04-03 | 6.4 MEDIUM | 9.8 CRITICAL |
| SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters." As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims | |||||
| CVE-2005-4665 | 1 Punbb | 1 Punbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags. | |||||
| CVE-2005-3582 | 1 Imagemagick | 1 Imagemagick | 2025-04-03 | 7.2 HIGH | N/A |
| ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. | |||||
| CVE-2006-3092 | 1 Phpmyfactures | 1 Phpmyfactures | 2025-04-03 | 7.5 HIGH | N/A |
| PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2001-0903 | 1 Intel | 1 High-bandwidth Digital Content Protection | 2025-04-03 | 7.5 HIGH | N/A |
| Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by computing and using alternate key combinations for authentication. | |||||