Total
29562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4645 | 1 3cfr | 1 3cfr | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter. | |||||
| CVE-2005-3414 | 1 Eyeos Project | 1 Eyeos | 2025-04-03 | 7.5 HIGH | N/A |
| eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials. | |||||
| CVE-2000-0513 | 1 Debian | 1 Debian Linux | 2025-04-03 | 5.0 MEDIUM | N/A |
| CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password. | |||||
| CVE-2004-2618 | 1 Pegasi Web Server | 1 Pegasi Web Server | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash). | |||||
| CVE-2005-2721 | 1 Foojan | 1 Php Weblog | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header. | |||||
| CVE-2006-3190 | 1 Hotplug Cms | 1 Hotplug Cms | 2025-04-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters. | |||||
| CVE-2005-2044 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php. | |||||
| CVE-2005-2597 | 1 Aol | 1 Aol Client Software | 2025-04-03 | 7.2 HIGH | N/A |
| AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program. | |||||
| CVE-2005-2556 | 1 Mantis | 1 Mantis | 2025-04-03 | 7.5 HIGH | N/A |
| core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956. | |||||
| CVE-1999-0955 | 1 Washington University | 1 Wu-ftpd | 2025-04-03 | 7.6 HIGH | N/A |
| Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command. | |||||
| CVE-2005-3741 | 1 Almondsoft | 1 Almond Classifieds | 2025-04-03 | 7.5 HIGH | N/A |
| Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions. | |||||
| CVE-2002-0021 | 1 Microsoft | 1 Office | 2025-04-03 | 5.0 MEDIUM | N/A |
| Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement. | |||||
| CVE-2006-4045 | 1 Torbstoff | 1 Torbstoff News | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | |||||
| CVE-2005-2301 | 1 Powerdns | 1 Powerdns | 2025-04-03 | 5.0 MEDIUM | N/A |
| PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack. | |||||
| CVE-2006-0129 | 1 Rockliffe | 1 Mailsite | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106. | |||||
| CVE-2006-1698 | 1 Matt Wright | 1 Matt Wright Guestbook | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis. | |||||
| CVE-2006-3927 | 1 Php Pro Bid | 1 Php Pro Bid | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter. | |||||
| CVE-2002-0666 | 6 Apple, Freebsd, Frees Wan and 3 more | 12 Mac Os X, Mac Os X Server, Freebsd and 9 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors. | |||||
| CVE-2006-1168 | 1 Ncompress | 1 Ncompress | 2025-04-03 | 7.5 HIGH | N/A |
| The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. | |||||
| CVE-2005-1434 | 1 Hp | 1 Openview Network Node Manager | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple unknown vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code. | |||||