Total: 29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2193 | 1 Cjoverkill | 1 Cjoverkill | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) tms[0] or (2) url parameters. | |||||
| CVE-2001-1183 | 1 Cisco | 1 Ios | 2025-04-03 | 5.0 MEDIUM | N/A |
| PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. | |||||
| CVE-2005-4780 | 1 Fidra Software | 1 Lighthouse Cms | 2025-04-03 | 4.3 MEDIUM | 3.7 LOW |
| Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a technology. This does not only apply to Lighthouse, but also to Perl, PHP or web applications based on Java Servlet technology." Since the original researcher is known to test demo pages and is sometimes inaccurate, it is likely that this issue will be REJECTED | |||||
| CVE-2006-3105 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php. | |||||
| CVE-1999-0989 | 1 Microsoft | 1 Ie | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol. | |||||
| CVE-2005-3802 | 1 Belkin | 2 F5d7230-4, F5d7232-4 | 2025-04-03 | 5.1 MEDIUM | N/A |
| Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication. | |||||
| CVE-2004-2183 | 1 Wehelpbus | 1 Wehelpbus | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string. | |||||
| CVE-2005-1439 | 1 Osticket | 1 Osticket | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter. | |||||
| CVE-2005-0628 | 1 Demof | 1 Forumwa | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message. | |||||
| CVE-2001-1282 | 1 Ipswitch | 1 Imail | 2025-04-03 | 5.0 MEDIUM | N/A |
| Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information. | |||||
| CVE-2006-1217 | 1 Dsportal | 1 Dspoll | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php. | |||||
| CVE-2005-1152 | 1 Debian | 1 Qpopper | 2025-04-03 | 2.1 LOW | N/A |
| popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions. | |||||
| CVE-2005-3350 | 1 Libungif | 1 Libungif | 2025-04-03 | 7.5 HIGH | N/A |
| libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write. | |||||
| CVE-2004-1181 | 1 Toshiaki Kanosue | 1 Htmlheadline | 2025-04-03 | 4.6 MEDIUM | N/A |
| htmlheadline before 21.8 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-0649 | 1 Pixel-apes Group | 1 Safehtml | 2025-04-03 | 4.3 MEDIUM | N/A |
| Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities." | |||||
| CVE-2002-1545 | 1 Cooolsoft | 1 Personal Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response. | |||||
| CVE-2000-0007 | 1 Trend Micro | 1 Pc-cillin | 2025-04-03 | 5.0 MEDIUM | N/A |
| Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service. | |||||
| CVE-2002-0952 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface. | |||||
| CVE-2005-2968 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 7.5 HIGH | N/A |
| Firefox 1.0.6 and Mozilla 1.7.10 allow attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. | |||||
| CVE-2006-3968 | 1 Sun | 1 Solaris | 2025-04-03 | 5.0 MEDIUM | N/A |
| The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified. | |||||
