Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1114 | 2 Phpbb Group, Smartor | 2 Phpbb, Photo Album | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters. | |||||
| CVE-2002-2077 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
| The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session. | |||||
| CVE-1999-1402 | 2 Freebsd, Sun | 3 Freebsd, Solaris, Sunos | 2025-04-03 | 2.1 LOW | N/A |
| The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket. | |||||
| CVE-2001-0018 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
| Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests. | |||||
| CVE-2006-4847 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2025-04-03 | 6.5 MEDIUM | N/A |
| Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. | |||||
| CVE-2006-1101 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2025-04-03 | 5.0 MEDIUM | N/A |
| The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint. | |||||
| CVE-2006-4559 | 1 Bernard Pacques | 1 Yet Another Community System Cms | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3) categories/populate.php, (4) comments/populate.php, (5) files/file.php, (6) sections/section.php, (7) sections/populate.php, (8) tables/populate.php, (9) users/user.php, and (10) users/populate.php. The articles/article.php vector is covered by CVE-2006-4532. | |||||
| CVE-2005-2109 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | N/A |
| wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. | |||||
| CVE-2004-2046 | 1 Apc | 1 Powerchute | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors. | |||||
| CVE-2002-2224 | 1 Network Associates | 1 Pgp Freeware | 2025-04-03 | 5.1 MEDIUM | N/A |
| Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload. | |||||
| CVE-2006-1178 | 1 Tamarack Consulting | 1 Tamarack Mmsd | 2025-04-03 | 5.0 MEDIUM | N/A |
| Tamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets. | |||||
| CVE-2006-4166 | 1 Tinywebgallery | 1 Tinywebgallery | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2. | |||||
| CVE-2005-4440 | 1 Vlan Protocol | 1 Vlan Protocol | 2025-04-03 | 5.0 MEDIUM | N/A |
| The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream switch after the first tag has been stripped, as demonstrated by Yersinia, aka "double-tagging VLAN jumping attack." | |||||
| CVE-2002-2082 | 1 Floosietek | 2 Ftgateoffice, Ftgatepro | 2025-04-03 | 7.5 HIGH | N/A |
| FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users. | |||||
| CVE-2006-2850 | 1 Php Labware | 1 Labwiki | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter. | |||||
| CVE-2005-2061 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 5.0 MEDIUM | N/A |
| Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte. | |||||
| CVE-2006-3861 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-03 | 4.0 MEDIUM | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases. | |||||
| CVE-2005-1823 | 1 Qualiteam | 1 X-cart | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php. | |||||
| CVE-2000-0239 | 1 Atrium Software | 3 Mercur Imap4 Server, Mercur Mailserver, Mercur Pop3 Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request. | |||||
| CVE-2001-0783 | 1 Cisco | 1 Tftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a ..(dot dot) attack in the GET command. | |||||