Total: 29569 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0172 | 2 Matt Kimball And Roger Wolff, Turbolinux | 2 Mtr, Turbolinux | 2025-04-03 | 7.2 HIGH | N/A |
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. | |||||
CVE-2005-3390 | 1 Php | 1 Php | 2025-04-03 | 7.5 HIGH | N/A |
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. | |||||
CVE-1999-1370 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.2 HIGH | N/A |
The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs. | |||||
CVE-2005-2647 | 1 Xerox | 7 Document Centre 265, Document Centre 332, Document Centre 340 and 4 more | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors. | |||||
CVE-2003-1321 | 1 Avant Force | 1 Avant Browser | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in Avant Browser 8.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request. | |||||
CVE-1999-0264 | 1 Miva | 1 Htmlscript | 2025-04-03 | 5.0 MEDIUM | N/A |
htmlscript CGI program allows remote read access to files. | |||||
CVE-2006-0876 | 1 Popfile | 1 Popfile | 2025-04-03 | 5.0 MEDIUM | N/A |
POPFile before 0.22.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving character sets within e-mail messages. | |||||
CVE-2006-2149 | 1 Avatic | 1 Aardvark Topsites Php | 2025-04-03 | 6.4 MEDIUM | N/A |
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code. | |||||
CVE-2005-2265 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 5.0 MEDIUM | N/A |
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string. | |||||
CVE-2005-3694 | 1 Centericq | 1 Centericq | 2025-04-03 | 7.8 HIGH | N/A |
centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus. | |||||
CVE-2006-0441 | 1 Karjasoft | 1 Sami Ftp Server | 2025-04-03 | 7.5 HIGH | N/A |
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed. | |||||
CVE-2006-0407 | 1 Azbb | 1 Az Bulletin Board | 2025-04-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter, but a correction was later provided. NOTE: followup posts have both disputed and confirmed the original claim. | |||||
CVE-2006-4679 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-03 | 5.0 MEDIUM | N/A |
DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug". | |||||
CVE-2006-4121 | 1 See-commerce | 1 See-commerce | 2025-04-03 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
CVE-2004-0729 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 5.0 MEDIUM | N/A |
PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message. | |||||
CVE-2005-4803 | 1 Graphviz | 1 Graphviz | 2025-04-03 | 3.6 LOW | N/A |
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier. | |||||
CVE-2000-0630 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability. | |||||
CVE-2001-1321 | 1 Oracle | 1 Internet Directory | 2025-04-03 | 7.5 HIGH | N/A |
Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
CVE-2005-2927 | 1 Sco | 1 Unixware | 2025-04-03 | 7.2 HIGH | N/A |
Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command. | |||||
CVE-2006-1600 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||