Total
29802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0231 | 1 Ibrow | 1 News Desk | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the "t" parameter. | |||||
| CVE-2005-0040 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log. | |||||
| CVE-2004-0704 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products. | |||||
| CVE-2006-1514 | 1 Abcmidi | 1 Abcmidi | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript. | |||||
| CVE-2004-2323 | 1 Dotnetnuke | 1 Dotnetnuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config. | |||||
| CVE-2005-3064 | 1 Multitheftauto | 1 Multitheftauto | 2025-04-03 | 5.0 MEDIUM | N/A |
| MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt). | |||||
| CVE-2002-0616 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 5.1 MEDIUM | N/A |
| The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability." | |||||
| CVE-2002-2130 | 1 Gallery Project | 1 Gallery | 2025-04-03 | 7.5 HIGH | N/A |
| publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-3639 | 1 Ubertec | 1 Help Center Live | 2025-04-03 | 7.5 HIGH | N/A |
| PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability. | |||||
| CVE-2004-1972 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action. | |||||
| CVE-2002-2408 | 1 Gordano | 1 Ntmail | 2025-04-03 | 7.5 HIGH | N/A |
| Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one user on the GMS server. | |||||
| CVE-2000-0851 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability. | |||||
| CVE-2001-0020 | 1 Cisco | 2 Arrowpoint, Content Services Switch | 2025-04-03 | 2.1 LOW | N/A |
| Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2001-1028 | 1 Redhat | 1 Linux | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges. | |||||
| CVE-2000-0641 | 1 Michael Lamont | 1 Savant Webserver | 2025-04-03 | 7.5 HIGH | N/A |
| Savant web server allows remote attackers to execute arbitrary commands via a long GET request. | |||||
| CVE-2006-2017 | 1 Dnsmasq | 1 Dnsmasq | 2025-04-03 | 5.0 MEDIUM | N/A |
| Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request. | |||||
| CVE-2005-3402 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | 2.6 LOW | N/A |
| The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication. | |||||
| CVE-2006-0304 | 1 Achal Dhir | 1 Dual Dhcp Dns Server | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the DHCP options field. | |||||
| CVE-2006-0111 | 1 Boxcar Media | 1 Shopping Cart | 2025-04-03 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter. | |||||
| CVE-2005-0627 | 1 Trolltech | 1 Qt | 2025-04-03 | 4.6 MEDIUM | N/A |
| Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. | |||||