Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2145 | 1 Savant | 1 Savant Webserver | 2025-04-03 | 7.5 HIGH | N/A |
| Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename. | |||||
| CVE-2004-1985 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter. | |||||
| CVE-2003-0415 | 1 Access-remote-pc.com | 1 Remote Pc Access | 2025-04-03 | 5.0 MEDIUM | N/A |
| Remote PC Access Server 2.2 allows remote attackers to cause a denial of service (crash) by receiving packets from the server and sending them back to the server. | |||||
| CVE-2002-0703 | 1 Gisle Aas | 1 Digest-md5 | 2025-04-03 | 7.5 HIGH | N/A |
| An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data. | |||||
| CVE-2005-0444 | 1 Vmware | 1 Workstation | 2025-04-03 | 4.6 MEDIUM | N/A |
| VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code. | |||||
| CVE-2005-2143 | 1 Microsoft | 1 Frontpage | 2025-04-03 | 5.0 MEDIUM | N/A |
| Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page. | |||||
| CVE-2006-0970 | 1 Activecampaign | 6 1-2-all, General, Isalient and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in one or more ActiveCampaign products, possibly SupportTrio, allows remote attackers to include and execute arbitrary files via the page parameter. | |||||
| CVE-2006-1287 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer. | |||||
| CVE-1999-0482 | 1 Openbsd | 1 Openbsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| OpenBSD kernel crash through TSS handling, as caused by the crashme program. | |||||
| CVE-2003-0162 | 1 Ecartis | 1 Ecartis | 2025-04-03 | 7.5 HIGH | N/A |
| Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page. | |||||
| CVE-2002-1970 | 1 Snortcenter | 1 Snortcenter | 2025-04-03 | 2.1 LOW | N/A |
| SnortCenter 0.9.5, when configured to push Snort rules, stores the rules in a temporary file with world-readable and world-writable permissions, which allows local users to obtain usernames and passwords for the alert database servers. | |||||
| CVE-2005-4385 | 1 Cofax | 1 Cofax | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. | |||||
| CVE-2002-0131 | 1 Activestate | 1 Activepython | 2025-04-03 | 5.0 MEDIUM | N/A |
| ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script. | |||||
| CVE-2006-1090 | 1 Punbb | 1 Punbb | 2025-04-03 | 7.8 HIGH | N/A |
| register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations. | |||||
| CVE-1999-0943 | 1 Openlink | 1 Openlink | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator. | |||||
| CVE-2004-1013 | 6 Carnegie Mellon University, Conectiva, Openpkg and 3 more | 6 Cyrus Imap Server, Linux, Openpkg and 3 more | 2025-04-03 | 10.0 HIGH | N/A |
| The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption. | |||||
| CVE-2001-1461 | 1 Rsa | 1 Securid | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences. | |||||
| CVE-2005-3452 | 1 Oracle | 1 Application Server | 2025-04-03 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS13. | |||||
| CVE-2001-0030 | 1 Smartstuff | 1 Foolproof Security | 2025-04-03 | 7.2 HIGH | N/A |
| FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them. | |||||
| CVE-2004-0471 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A |
| BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown). | |||||