Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0823 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument. | |||||
| CVE-2004-1839 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. | |||||
| CVE-2005-2861 | 1 N-stalker | 1 N-stealth | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. | |||||
| CVE-2005-0329 | 1 Zipgenius | 1 Zipgenius | 2025-04-03 | 2.6 LOW | N/A |
| Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences. | |||||
| CVE-2001-0038 | 1 Metaproducts | 1 Offline Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL. | |||||
| CVE-2005-2985 | 1 Aewebworks | 1 Aedating | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter. | |||||
| CVE-1999-0587 | 2025-04-03 | 10.0 HIGH | N/A | ||
| A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data. | |||||
| CVE-2002-1610 | 1 Hp | 2 Hp-ux, Tru64 | 2025-04-03 | 2.1 LOW | N/A |
| Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service. | |||||
| CVE-2006-2131 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | 5.0 MEDIUM | N/A |
| include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions. | |||||
| CVE-2004-0673 | 1 Simm-comm | 1 Sci Photo Chat | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message. | |||||
| CVE-2002-1602 | 1 Gnu | 1 Screen | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code. | |||||
| CVE-2005-2210 | 1 Tonec Inc. | 1 Internet Download Manager | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2006-2827 | 1 Qualiteam | 1 X-cart | 2025-04-03 | 6.4 MEDIUM | 9.8 CRITICAL |
| SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters." As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims | |||||
| CVE-2005-4665 | 1 Punbb | 1 Punbb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags. | |||||
| CVE-2005-3582 | 1 Imagemagick | 1 Imagemagick | 2025-04-03 | 7.2 HIGH | N/A |
| ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. | |||||
| CVE-2006-3092 | 1 Phpmyfactures | 1 Phpmyfactures | 2025-04-03 | 7.5 HIGH | N/A |
| PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2001-0903 | 1 Intel | 1 High-bandwidth Digital Content Protection | 2025-04-03 | 7.5 HIGH | N/A |
| Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by computing and using alternate key combinations for authentication. | |||||
| CVE-2004-0990 | 5 Gd Graphics Library, Gentoo, Openpkg and 2 more | 5 Gdlib, Linux, Openpkg and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
| Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941. | |||||
| CVE-2002-1533 | 1 Jetty | 1 Jetty | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a). | |||||
| CVE-2006-3789 | 1 Ufo2000 | 1 Ufo2000 | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple array index errors in the (1) recv_rules, (2) recv_select_unit, (3) recv_options, and (4) recv_unit_data functions in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code and cause a denial of service (opponent crash) via certain packet data that specifies an out-of-bounds index. | |||||