Total
29804 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3472 | 1 Sun | 1 Java System Communications Express | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files. | |||||
| CVE-2003-0390 | 1 James Theiler | 1 Opt | 2025-04-03 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi. | |||||
| CVE-2006-1582 | 1 Blanknberg | 1 Blanknberg | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to inject arbitrary web script or HTML via the _path parameter. NOTE: this might be resultant from the directory traversal issue. | |||||
| CVE-2004-0875 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module. | |||||
| CVE-2006-3303 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pm.php in DeluxeBB 1.07 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) to parameters. | |||||
| CVE-2006-1651 | 1 Microsoft | 1 Isa Server | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol. | |||||
| CVE-2003-0478 | 5 Andromede, Bahamut, Daniel Moss and 2 more | 5 Adromedeircd, Ircd, Methane and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
| Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings. | |||||
| CVE-2006-1087 | 1 Php-stats | 1 Php-stats | 2025-04-03 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE: this vulnerability can be exploited by remote unauthenticated attackers in conjunction with the option[admin_pass] authentication bypass vulnerability. | |||||
| CVE-2005-1005 | 1 Profitcode | 1 Payprocart | 2025-04-03 | 7.5 HIGH | N/A |
| ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter. | |||||
| CVE-2003-0574 | 1 Sgi | 1 Irix | 2025-04-03 | 7.2 HIGH | N/A |
| Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028. | |||||
| CVE-1999-1110 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client. | |||||
| CVE-2006-1296 | 1 Beagle-project | 1 Beagle | 2025-04-03 | 7.5 HIGH | N/A |
| Untrusted search path vulnerability in Beagle 0.2.2.1 might allow local users to gain privileges via a malicious beagle-info program in the current working directory, or possibly directories specified in the PATH. | |||||
| CVE-1999-0792 | 1 Osicom | 1 Routermate | 2025-04-03 | 5.0 MEDIUM | N/A |
| ROUTERmate has a default SNMP community name which allows remote attackers to modify its configuration. | |||||
| CVE-2004-2218 | 1 Phpmywebhosting | 1 Phpmywebhosting | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter. | |||||
| CVE-2001-1308 | 1 Sun | 1 Iplanet Directory Server | 2025-04-03 | 7.5 HIGH | N/A |
| Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2006-2052 | 1 Verosky Media | 1 Instant Photo Gallery | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the source code for version 1.0.2 of the product. | |||||
| CVE-2006-1155 | 1 Manas Tungare | 1 Site Membership Script | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1) login.asp and (2) default.asp. | |||||
| CVE-2001-1558 | 1 Snort | 1 Snort | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 allows attackers to cause a denial of service (crash). | |||||
| CVE-2006-3384 | 1 Vincent Leclercq | 1 News | 2025-04-03 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters. | |||||
| CVE-2005-1570 | 1 Battleaxe Software | 1 Bttlxeforum | 2025-04-03 | 5.0 MEDIUM | N/A |
| forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability. | |||||