Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0719 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
| CVE-2005-0259 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.4 MEDIUM | N/A |
| phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. | |||||
| CVE-2006-4210 | 1 Andreas Kansok | 1 Phpay | 2025-04-03 | 2.6 LOW | N/A |
| nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2000-0378 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
| The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in. | |||||
| CVE-2003-1298 | 1 Anyportal Php | 1 Anyportal Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot). | |||||
| CVE-2006-4834 | 1 Phpquiz | 1 Phpquiz | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter. | |||||
| CVE-2000-1132 | 1 Dcscripts | 1 Dcforum | 2025-04-03 | 6.4 MEDIUM | N/A |
| DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable. | |||||
| CVE-1999-0086 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A |
| AIX routed allows remote users to modify sensitive files. | |||||
| CVE-2001-0805 | 1 Tarantella | 1 Tarantella Enterprise | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter. | |||||
| CVE-2006-4967 | 1 Nextage | 1 Nextage Shopping Cart | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php. | |||||
| CVE-2004-0260 | 1 Cactusoft | 1 Cactushop Lite | 2025-04-03 | 5.0 MEDIUM | N/A |
| The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with |||. | |||||
| CVE-2000-0075 | 1 Nosque | 1 Msgcore | 2025-04-03 | 5.0 MEDIUM | N/A |
| Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session. | |||||
| CVE-1999-0953 | 1 Matt Wright | 1 Wwwboard | 2025-04-03 | 10.0 HIGH | N/A |
| WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. | |||||
| CVE-2000-1195 | 1 Caldera | 2 Openlinux Edesktop, Openlinux Eserver | 2025-04-03 | 7.5 HIGH | N/A |
| telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option. | |||||
| CVE-2004-1951 | 1 Xine | 3 Xine, Xine-lib, Xine-ui | 2025-04-03 | 5.0 MEDIUM | N/A |
| xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. | |||||
| CVE-2003-0444 | 1 Gtksee | 1 Gtksee | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths. | |||||
| CVE-2005-3321 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
| chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions. | |||||
| CVE-2002-2081 | 1 Microsoft | 2 Site Server, Site Server Commerce | 2025-04-03 | 5.0 MEDIUM | N/A |
| cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp. | |||||
| CVE-2002-0481 | 1 Microsoft | 1 Outlook | 2025-04-03 | 5.1 MEDIUM | N/A |
| An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function. | |||||
| CVE-2003-0733 | 1 Bea | 3 Liquid Data, Weblogic Integration, Weblogic Server | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. | |||||