Total: 29562 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1052 | 1 Emergenices Personnel Information System | 1 Empris | 2025-04-03 | 7.5 HIGH | N/A |
Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
CVE-2001-0243 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 5.0 MEDIUM | N/A |
Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files. | |||||
CVE-2005-2329 | 1 Mrv Communications | 3 In Reach Lx 1000s, In Reach Lx 4000s, In Reach Lx 8000s | 2025-04-03 | 4.6 MEDIUM | N/A |
MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, when using SSH public key authentication, does not properly restrict access to ports, which allows remote authenticated users to access the consoles of other users. | |||||
CVE-2003-1127 | 1 Whale Communications | 1 E-gap | 2025-04-03 | 5.0 MEDIUM | N/A |
Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor. | |||||
CVE-2005-1503 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php. | |||||
CVE-2002-2036 | 1 Sun | 1 Ray Server Software | 2025-04-03 | 7.5 HIGH | N/A |
Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client. | |||||
CVE-2005-4572 | 1 Myezshop | 1 Myezshop Shopping Cart | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) GroupsId and (2) ItemsId parameters in admin.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2002-0148 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. | |||||
CVE-2004-1853 | 1 Atari | 1 Terminator 3 War Of The Machines | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable. | |||||
CVE-2004-0055 | 1 Lbl | 1 Tcpdump | 2025-04-03 | 5.0 MEDIUM | N/A |
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value. | |||||
CVE-2001-0636 | 1 Raytheon | 1 Silentrunner | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates. | |||||
CVE-2001-1555 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 4.6 MEDIUM | N/A |
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY. | |||||
CVE-2006-3557 | 1 Mt Orumcek | 1 Mt Orumcek Toplist | 2025-04-03 | 5.0 MEDIUM | N/A |
MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | |||||
CVE-2004-2472 | 1 Agnitum | 1 Outpost Firewall | 2025-04-03 | 5.0 MEDIUM | N/A |
Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, invalid packets, which cannot be processed quickly enough by Outpost Pro. | |||||
CVE-2006-1068 | 1 Netgear | 1 Netgear Router | 2025-04-03 | 4.9 MEDIUM | N/A |
Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. | |||||
CVE-2002-1377 | 1 Vim Development Group | 1 Vim | 2025-04-03 | 4.6 MEDIUM | N/A |
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. | |||||
CVE-2000-0460 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
Buffer overflow in KDE kdesud on Linux allows local users to gain privileges via a long DISPLAY environmental variable. | |||||
CVE-2006-1097 | 1 Datenbank Module | 1 Datenbank Module | 2025-04-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php. | |||||
CVE-1999-0180 | | | 2025-04-03 | 7.5 HIGH | N/A |
in.rshd allows users to login with a NULL username and execute commands. | |||||
CVE-2006-2573 | 1 Dian Gemilang | 1 Dgbook | 2025-04-03 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |