Total
29511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0388 | 1 Oracle | 1 Mysql | 2025-04-03 | 2.1 LOW | N/A |
| The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2000-0027 | 1 Ibm | 1 Network Station Manager | 2025-04-03 | 6.2 MEDIUM | N/A |
| IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. | |||||
| CVE-2006-0015 | 1 Microsoft | 2 Frontpage Server Extensions, Sharepoint Team Services | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. | |||||
| CVE-2005-4325 | 1 Driverse | 1 Driverse | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Driverse before 0.56b have unknown impact and attack vectors, related to (1) a "ptrace exploit" and (2) "some other potential security problems." | |||||
| CVE-2006-0899 | 1 4images | 1 Image Gallery Management System | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter. | |||||
| CVE-1999-0358 | 1 Digital | 1 Unix | 2025-04-03 | 7.2 HIGH | N/A |
| Digital Unix 4.0 has a buffer overflow in the inc program of the mh package. | |||||
| CVE-2006-0891 | 1 Nocc | 1 Nocc | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_theme'] parameter in (a) html/footer.php; and (2) the lang and (3) theme parameters and the (4) Accept-Language HTTP header field, when force_default_lang is disabled, in (b) index.php, as demonstrated by injecting PHP code into a profile and accessing it using the lang parameter in index.php. | |||||
| CVE-2000-1022 | 1 Cisco | 1 Pix Firewall Software | 2025-04-03 | 7.5 HIGH | N/A |
| The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands. | |||||
| CVE-2006-4022 | 1 Intel | 1 2100 Proset Wireless | 2025-04-03 | 4.6 MEDIUM | N/A |
| Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992. | |||||
| CVE-2000-0490 | 1 Netwin | 1 Dmail | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request. | |||||
| CVE-2005-3260 | 1 Versatilebulletinboard | 1 Versatilebulletinboard | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter in dereferrer.php and (2) the file parameter in imagewin.php. | |||||
| CVE-2005-2900 | 1 Cj Desing | 1 Cjlinkout | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 allows remote attackers to inject arbitrary web script or HTML via the 123 parameter. | |||||
| CVE-2006-2249 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters. | |||||
| CVE-2004-1787 | 1 Postnuke Software Foundation | 1 Postcalendar | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries. | |||||
| CVE-2001-0866 | 1 Cisco | 1 12000 Router | 2025-04-03 | 7.5 HIGH | N/A |
| Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls. | |||||
| CVE-2006-1719 | 1 Microsoft | 1 Ie | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property. | |||||
| CVE-2004-0214 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 98 and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. | |||||
| CVE-2005-3878 | 1 Alex King | 1 Php Doc System | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter. | |||||
| CVE-2002-0249 | 1 Apache | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. | |||||
| CVE-2006-4329 | 1 Shadows Rising Rpg | 1 Shadows Rising Rpg | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php. | |||||